On 15/03/16 16:06, Jonathan Gazeley wrote:
On 15/03/16 16:00, Matthew Newton wrote:
On Tue, Mar 15, 2016 at 03:53:25PM +0000, Jonathan Gazeley wrote:
On 15/03/16 15:47, Arran Cudbard-Bell wrote:
Any idea what machine auth actually is. Is it something weird like EAP-TLS in EAP-TLS?
It's EAP-PEAP using the default Windows supplicant.
What's the inner? MSCHAPv2 or EAP-TLS.
MSCHAPv2.
i.e "Machine auth" with domain credentials (machine account p/w) or certificates?
With domain credentials.
PEAP/EAP-TLS runs into MTU issues as Arran said, but I'd expect that to be the same on 3.0.x and 3.1.x. But you probably need to enable debugging on the Windows supplicant side and see what it's complaining about.
Groan. I'm not a Windows guy :)
I'm just puzzled by the apparent difference in behaviour between 3.0.11 and 3.1.x when neither the certificates nor the clients have been changed. I'll keep looking.
Well, I wasn't able to get any useful debugging information out of Windows so we have reluctantly taken the decision to revert from bleeding-edge 3.1.x to stable 3.0.11 and work around the problem we were having by avoiding it. We'll revisit this when 3.2.x is released. Thanks to everyone who helped with our troubleshooting. Jonathan