On 30/09/16 12:01, Matthew Newton wrote:
On Fri, Sep 30, 2016 at 11:53:27AM +0100, freeradius-users@latter.org wrote:
On 30/09/16 11:25, Matthew Newton wrote:
Most things will do EAP-TTLS/PAP these days. Windows XP/7 are the only real big exceptions I'm aware of. And if XP is a problem then that's the least of your issues.
I thought Windows 7 *did* support it. (Out of the box, in case that is not crystal clear!)
It arrived in Windows 8.
Well - that'll be why we don't do EAP-TTLS/PAP.
- Untick “Verify the server’s identity by validating the certificate”
Noooo :(
Yup.
So presumably we are at risk of people spoofing the SSID?
Yes
(although I believe the Aerohive kit has stuff to identify and deal with what they call "rogue" access points).
And when the rogue Access Point is not within hearing distance of your own APs? It sounds like a good feature, but it will again only provide an illusion of security.
I'll pass this back to the people whose trainset it is. thanks.