Mutual Authentication question
Last Post: October 21, 2006:
I've had this question when implementing this several times, and it took a couple of times to click with me. Doing it with Funk, IAS and ACS has some differences, too. Basically, the mutual auth is optional, as is clearly stated in many of the CWNP texts. If you are to enable verification of the server identity, you have to install a cert on your client device. The only variance to this rule that I know of is if you have IAS set up with auto-enrollment using Active Directory. Nice feature, but you have to log in to the domain w/ a wired connection first, which can pose problems. (You can install them manually or connect to the network to pull down the cert chain, too, but you get the point.) Otherwise, you install a cert manually on the client for the other methods. The client compares that to the identity response received from the AP.
I hope that helps.
Shawn