RES: Re: RES: Re: PEAP/EAP-TLS with client and server certificate

Alan DeKok aland at deployingradius.com
Wed Apr 25 02:30:29 CEST 2007


Marcelo Augusto Rodrigues Pimentel wrote:
> I said two parts, because those parts of my configuration use TLS:
> 
> The first part is making the encrypted tunnel using PEAP --> Only validates the server certificate to create the tunnel.
> 
> The second part is the authentication inside the tunnel with EAP-TLS --> Mutual validation of client and server certificate.

  FreeRADIUS doesn't support EAP-TLS inside of PEAP.  It's also
unnecessary.  PEAP can have client certificates, and therefore doesn't
need an inner TLS stage for client certificates.

> This configuration is like George Ou said below:

  Which isn't supported in FreeRADIUS.  If you tried using it on the
client side, and running the server in debugging mode, the server would
tell you it isn't supported.  I'm not even sure that the Windows
supplicant supports it.

  If you want the server to support it, there are a number of options
open to you.  Send in patches, or fund someone to write the patches.

  Alan DeKok.
--
  http://deployingradius.com       - The web site of the book
  http://deployingradius.com/blog/ - The blog


