EAP-TLS and OS X clients
jwinius at umrk.nl
Wed Feb 20 16:00:28 CET 2013
Quoting A.L.M.Buxey at lboro.ac.uk:
> you might want to look into 'eduroam CAT' tool - as your NREN
> federation/eduroam people about it.
Thanks very much! I'll look into it.
> whoa re your instructions aimed at? I worry a great deal about them
> because you arent telling them to install/verify a CA or a RADIUS server
> for the connection (thus basically negating the whole point of PKI!)
> and the site might use EAP-FAST (some places actually do more than
> just EAP-TTLS). also, end users dont need to run this tool! you
> (the admin) so all the hard work of configuring the profile and
> then just provide the end user/customer the *SIGNED* mobileconfig file
Oh, hey, I thought I was just sharing this information with a bunch of
lazy sysadmins, some of whom might be interested to know how I
eventually managed to connect OS X 10.7 (Lion) hosts to my wifi network.
As I mentioned in my previous post, I did not author those
instructions. I'm also not in the habit of re-posting information
written by others, but although they may not be perfect, I thought
they were helpful and then suddenly became worried that Apple might
make them disappear at one point or another (it wasn't exactly easy
information to find).
Moreover, I explained that I was using a WPA2-Enterprise configuration
with Freeradius 2.1.0, EAP-TLS and 4096-bit SHA-1 in my first post in
this thread on Sunday 17 Feb.
More information about the Freeradius-Users