RES: Re: RES: Re: PEAP/EAP-TLS with client and server certificate

Michael Griego mgriego at
Wed Apr 25 02:48:46 CEST 2007

On Apr 24, 2007, at 7:30 PM, Alan DeKok wrote:

>   Which isn't supported in FreeRADIUS.  If you tried using it on the
> client side, and running the server in debugging mode, the server  
> would
> tell you it isn't supported.  I'm not even sure that the Windows
> supplicant supports it.

It *is* supported by the Windows supplicant, and I'm pretty sure it  
wouldn't be that difficult to enable support in FR (removing one or  
two lines, IIRC).  EAP-TLS inside of PEAP allows for the inner  
("real") identity exchange to be obfuscated inside the tunnel since  
the outer identity doesn't have to match the inner identity.  I've  
never used the PEAP-EAP-TLS functionality before myself in Windows,  
but if its anything like the PEAP-EAP-MSCHAPv2 support, this argument  
doesn't really mean anything since the inner and outer identities are  
both set to the real identity in the Windows supplicant...

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6184 bytes
Desc: not available
URL: <>

More information about the Freeradius-Users mailing list