On 24 Aug 2015, at 19:40, Arran Cudbard-Bell <a.cudbardb@freeradius.org> wrote:
On 24 Aug 2015, at 19:30, Isaac Konikoff <isaac.konikoff@gmail.com> wrote:
Hi,
I'm trying to authenticate a wifi client (wpa_supplicant) using eap-peap with phase2 autheap=md5. In debug output, eap-peap appears to finalize with mschapv2 but eap-ttls uses eap-md5. Can I force eap-peap to use eap-md5?
No. EAP-PEAP uses MSCHAPv2 and lacks a negotiation mechanism for the inner tunnel.
Oops, missed the fall-through case. I thought we limited the server artificially to MSCHAPv2, but it looks like any inner EAP method is supported without restrictions. Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS development team FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2