On Sat, Dec 26, 2015 at 10:24:34PM +0000, Nick Lowe wrote:
That's with EAP-TLS as the inner to EAP-PEAP, which we know works. You don't have a second factor at that point though because the client cert is only via the inner. In the case that EAP-MS-CHAPv2 is the inner, you can't use a client cert.
Yes, we're doing PEAP/EAP-TLS with windows; that works fine. It's requiring a client cert when using PEAP/EAP-MSCHAPv2 where it bombs out. Tried a lot of combinations, but it was 2-3 years ago so I can't remember what... Matthew -- Matthew Newton, Ph.D. <mcn4@le.ac.uk> Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, <ithelp@le.ac.uk>