26 Nov
2018
26 Nov
'18
12:04 p.m.
On Nov 26, 2018, at 3:06 PM, Tom Yard <tomyyard@gmail.com> wrote:
Hi people, I wanto to implement a Freeradius authentication scheme, using server and client SSL certificates: every client that require WiFI access has to have a valid SSL certificate.
I think I have to use:
Authetication methos: EAP-TLS Authentication protocol with NTLM: MSCHAP or MSCHAPv2
My clients are Windows, Linux and maybe Android.
Is my proposal correct ?
EAP-TLS can't carry and inner method, so not really. You can use EAP-TTLS with a client cert (so it behaves like EAP-TLS), and then run EAP-MSCHAPv2 as the inner method to do NTLM. -Arran