On Dec 1, 2020, at 6:08 PM, Matthew Newton <mcn@freeradius.org> wrote:
That's my site ;-P
Then it's perfect and magical. :)
The info there is about the only place on the web that describes how PEAP/EAP-TLS works, or at least it was when written. It is old now, but the config still looks pretty correct. As it says, it's the fragment_size thing that actually matters.
OK.
Can someone provide a working config for PEAP/EAP-TLS?
Honestly, why? There's no point now unless you want to slow your authentication down by adding more round trips. The first paragraph on the site says as much.
Microsoft have removed SoH from Windows 10. There's about no other reason I can think of to do both PEAP and EAP-TLS.
Just use EAP-TLS on its own. It's simpler, and faster.
True. :) Alan DeKok.