MS-CHAP V2 and server certs

Subject: MS-CHAP V2 and server certs
Posted by:  tweaked5…@gmail.com (tweaked5…@gmail.com)
Date: 20 Nov 2006

I have a question about IAS, PEAP MS-CHAP V2, and wireless.  I am using
MS-CHAP V2 to authenticate PDAs on our wireless network.  Because we are
using MS-CHAP V2, we are using AD credentials to authenticate the
clients.  Everywhere I have read it states that we have to install the
server certificate onto the device.  I have found a loophole though.
Both on the wireless PDA and laptops, we can choose not to validate the
server certificate.  I can still authenticate to the IAS server
(wireless) but I have not installed the server cert onto the device
(because I have unchecked the validate server checkbox both in zero
config and the wireless application).  This is my question: if we don't
validate the server and if we don't have the server cert, won't the
transmission of the user account and password be in clear text?  Is
there a way on the IAS server that we have to force the clients to have
the server cert or they won't be authenticated?

Thanks,
Peter Kim
