9 Dec
2008
9 Dec
'08
5:35 a.m.
Jason Wittlin-Cohen wrote:
I already do that with the Juniper Access Client. The problem is that the client certificate has the user's name as the Common Name and that is sent in the clear. PEAP/EAP-TLS sends the user's certificate through the tunnel obviating the issue. I admit this isn't a large problem but it would be a nice feature to have.
FreeRADIUS doesn't support RFC 5216, it's too new. It has been tested with PEAPv0/EAP-TLS in the past, but it's not a common configuration. So it might not work now. Alan DeKok.