Certificate problem between 3.0.11 and 3.1.x

Jonathan Gazeley Jonathan.Gazeley at bristol.ac.uk
Tue Mar 15 17:06:47 CET 2016


On 15/03/16 16:00, Matthew Newton wrote:
> On Tue, Mar 15, 2016 at 03:53:25PM +0000, Jonathan Gazeley wrote:
>> On 15/03/16 15:47, Arran Cudbard-Bell wrote:
>>> Any idea what machine auth actually is.  Is it something weird like EAP-TLS in EAP-TLS?
>>
>> It's EAP-PEAP using the default Windows supplicant.
>
> What's the inner? MSCHAPv2 or EAP-TLS.

MSCHAPv2.
>
> i.e "Machine auth" with domain credentials (machine account p/w)
> or certificates?

With domain credentials.
>
> PEAP/EAP-TLS runs into MTU issues as Arran said, but I'd expect
> that to be the same on 3.0.x and 3.1.x. But you probably need to
> enable debugging on the Windows supplicant side and see what it's
> complaining about.

Groan. I'm not a Windows guy :)

I'm just puzzled by the apparent difference in behaviour between 3.0.11 
and 3.1.x when neither the certificates nor the clients have been 
changed. I'll keep looking.

Thanks,
Jonathan


More information about the Freeradius-Users mailing list