Microsoft PEAP-EAP-TLS support (certificate auth with SoH)?
aland at deployingradius.com
Fri Jan 20 08:28:49 CET 2012
Matthew Newton wrote:
> Does anyone know if FreeRADIUS now supports Microsoft
> PEAP/EAP-TLS, i.e. when you select PEAP with Certificates in
> Windows (not plain EAP-TLS, or PEAP/MS-CHAPv2, which both work
> fine)? This post from 2007 (and FR 1.0.1) indicates that it didn't
> work then, wondered if that's changed at all?
It might work. I recall doing some testing a while ago. It's not a
widely used feature.
You'll need to set up *two* instances of the EAP module. One for the
outer PEAP session, and a separate one for the inner EAP.
> Is it actually possible to do SoH with certificate-based
> authentication, or do I have to look towards DHCP for this?
No idea. Ask Microsoft how their software works.
More information about the Freeradius-Users