Since EAP was first deployed, a number of weaknesses in the protocol have become apparent. These include the following:
- Lack of protection of the user identity or the EAP negotiation.
- No standardized mechanism for key exchange.
- No built-in support for fragmentation and reassembly.
- Lack of support for fast reconnect.

The Internet Authentication Service (IAS) networking component provided with Windows Server 2003 also supports PEAP with MS-CHAP v2, permitting an IAS server to authenticate wireless clients that are running Windows XP SP1. IEEE 802.1x authentication with PEAP support is also available for Windows 2000 clients and the IAS component.
For additional information about adding IEEE 802.1x with PEAP support to Windows 2000 clients and IAS servers, click the following article number to view the article in the Microsoft Knowledge Base:
Windows XP includes the root CA certificates of many third-party CAs. If IAS server certificates are purchased from a third-party CA that corresponds to an included root CA certificate, no additional wireless client configuration is required. For information about how to obtain a PEAP-compatible certificate from Verisign, visit the following Verisign Web site:
If you purchase your IAS server certificates from a third-party CA for which Windows XP does not include a corresponding root CA certificate, you must install the root CA certificate on each wireless client.
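
The two cases above (root CA already included on the client, or root CA must be installed) can be checked on a client before rollout. The following PowerShell sketch is an added example, not part of the original article; the function name `Test-PeapServerRootTrusted` and the certificate file path are hypothetical, and it assumes the IAS server certificate has been exported to a `.cer` file and copied to the client.

```powershell
# Added example; Test-PeapServerRootTrusted and the .cer path are hypothetical names.
function Test-PeapServerRootTrusted {
    param(
        [Parameter(Mandatory = $true)]
        [System.Security.Cryptography.X509Certificates.X509Certificate2]$ServerCert
    )

    $chain = New-Object System.Security.Cryptography.X509Certificates.X509Chain
    # Skip revocation lookups so the check runs offline; only trust anchoring is tested.
    $chain.ChainPolicy.RevocationMode = [System.Security.Cryptography.X509Certificates.X509RevocationMode]::NoCheck
    [void]$chain.Build($ServerCert)

    # The last chain element is the highest issuer Windows could locate.
    $top = $chain.ChainElements[$chain.ChainElements.Count - 1].Certificate
    $selfSigned = ($top.Subject -eq $top.Issuer)
    $statuses = @($chain.ChainStatus | ForEach-Object { $_.Status })

    # A self-signed top element present in a Root store means no client change is needed.
    $inRootStore = $selfSigned -and (
        (Test-Path "Cert:\LocalMachine\Root\$($top.Thumbprint)") -or
        (Test-Path "Cert:\CurrentUser\Root\$($top.Thumbprint)"))

    $action = if (-not $selfSigned) {
        'Chain incomplete: obtain the intermediate and root CA certificates first'
    } elseif ($inRootStore) {
        'None: root CA already trusted on this client'
    } else {
        'Install the root CA certificate on this client'
    }

    [pscustomobject]@{
        ServerSubject  = $ServerCert.Subject
        TopOfChain     = $top.Subject
        RootThumbprint = $top.Thumbprint
        InRootStore    = $inRootStore
        ChainStatus    = ($statuses -join ', ')
        Action         = $action
    }
}

# Usage on a wireless client, with the IAS server certificate exported to a file (assumed path).
$cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2 'C:\temp\ias-server.cer'
Test-PeapServerRootTrusted -ServerCert $cert
```

A `ChainStatus` containing `UntrustedRoot` together with `InRootStore = False` corresponds to the case where the root CA certificate must be installed on each wireless client.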