Hi, Does anyone know if FreeRADIUS now supports Microsoft PEAP/EAP-TLS, i.e. when you select PEAP with Certificates in Windows (not plain EAP-TLS, or PEAP/MS-CHAPv2, which both work fine)? This post from 2007 (and FR 1.0.1) indicates that it didn't work then, wondered if that's changed at all? https://lists.freeradius.org/pipermail/freeradius-users/2007-April/msg00841.... For the reasons in that e-mail, I similarly don't care about using it for auth, as EAP-TLS works fine. However, from the SoH documentation, it needs either PEAP or DHCP to work. I haven't ruled out DHCP yet, but it seems a lot tidier to do it in RADIUS if possible, which in turn just leaves PEAP. The 'normal' PEAP with MS-CHAPv2 works fine giving the SoH details, but has to be "user authentication" on the client. EAP-TLS works fine presenting the certificate to connect to the network (Microsoft's so-called "computer auth"), but doesn't, as far as I can tell, do SoH. Is it actually possible to do SoH with certificate-based authentication, or do I have to look towards DHCP for this? I'm using a very custom config at the moment (on the latest v2.1.x branch), and having tried all sorts can't get it to play. I'll probably try working from the default config later just in case I've missed something blindingly obvious, but if anyone could confirm if the above post is still true or there is no other way to do it then it will save me a lot of time trying! :) Cheers, Matthew (Wishing Microsoft would bother to support a few additional options in their built-in supplicant, rather than just the couple of odd combinations that they want.) -- Matthew Newton, Ph.D. <mcn4@le.ac.uk> Systems Architect (UNIX and Networks), Network Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, <ithelp@le.ac.uk>