RES: Re: RES: Re: PEAP/EAP-TLS with client and server certificate
Michael Griego
mgriego at utdallas.edu
Wed Apr 25 02:48:46 CEST 2007
On Apr 24, 2007, at 7:30 PM, Alan DeKok wrote:
> Which isn't supported in FreeRADIUS. If you tried using it on the
> client side, and running the server in debugging mode, the server
> would
> tell you it isn't supported. I'm not even sure that the Windows
> supplicant supports it.
It *is* supported by the Windows supplicant, and I'm pretty sure it
wouldn't be that difficult to enable support in FR (removing one or
two lines, IIRC). EAP-TLS inside of PEAP allows for the inner
("real") identity exchange to be obfuscated inside the tunnel since
the outer identity doesn't have to match the inner identity. I've
never used the PEAP-EAP-TLS functionality before myself in Windows,
but if its anything like the PEAP-EAP-MSCHAPv2 support, this argument
doesn't really mean anything since the inner and outer identities are
both set to the real identity in the Windows supplicant...
--Mike
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 6184 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20070424/85d38364/attachment.bin>
More information about the Freeradius-Users
mailing list