> -----Original Message----- > From: > [EMAIL PROTECTED] > g > [mailto:[EMAIL PROTECTED] > adius.org] On Behalf Of [EMAIL PROTECTED] > Sent: Wednesday, May 24, 2006 3:02 PM > To: [email protected] > Subject: Using PEAP and WinXP > > Hi, > > I have a question regarding the setup for the WinXP client > when using PEAP. Does one always need to go into the > properties for the AP and configure which servers to connect > to or which root certification authorities are trusted? What > I mean is, whether you produced a server certificate yourself > and imported that CA onto the client machine, or whether you > had a certificate signed by someone like Verisign, you would > need to check the corresponding CA within the list.
It's my understanding that this is to prevent a man in the middle attack. Someone could easily setup a rouge AP, with a RADIUS Server. Since your requiring the server to identify itself (Via the Cert) you could detect this, and prevent it. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
