Microsoft PEAP-EAP-TLS support (certificate auth with SoH)?

Alan DeKok aland at
Fri Jan 20 08:28:49 CET 2012

Matthew Newton wrote:
> Does anyone know if FreeRADIUS now supports Microsoft
> PEAP/EAP-TLS, i.e. when you select PEAP with Certificates in
> Windows (not plain EAP-TLS, or PEAP/MS-CHAPv2, which both work
> fine)? This post from 2007 (and FR 1.0.1) indicates that it didn't
> work then, wondered if that's changed at all?

  It might work.  I recall doing some testing a while ago.  It's not a
widely used feature.

  You'll need to set up *two* instances of the EAP module.  One for the
outer PEAP session, and a separate one for the inner EAP.

> Is it actually possible to do SoH with certificate-based
> authentication, or do I have to look towards DHCP for this?

  No idea.  Ask Microsoft how their software works.

  Alan DeKok.
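
The two-instance layout described in the reply above, as an added configuration example that is not part of the original post and is not FreeRADIUS's shipped configuration. It assumes the FreeRADIUS 2.x `raddb` layout; the instance name `inner-eap`, the virtual server name and all certificate paths are placeholders.

```conf
# Constructed example, FreeRADIUS 2.x layout. File names and paths are placeholders.
# tls settings not shown here stay as in the stock eap.conf.

# --- raddb/eap.conf: outer instance, terminates the PEAP tunnel ---
eap {
    default_eap_type = peap
    tls {
        # Server certificate presented to the supplicant for the outer tunnel.
        private_key_file = ${certdir}/outer-server.key
        certificate_file = ${certdir}/outer-server.pem
        CA_file = ${cadir}/outer-ca.pem
    }
    peap {
        # Inner method requested inside the tunnel (certificates, not MS-CHAPv2).
        default_eap_type = tls
        # Tunnelled requests are processed by this virtual server.
        virtual_server = "inner-tunnel"
    }
}

# --- raddb/modules/inner-eap: second instance, EAP-TLS inside the tunnel ---
eap inner-eap {
    default_eap_type = tls
    tls {
        # Use a different server key pair from the outer instance.
        private_key_file = ${certdir}/inner-server.key
        certificate_file = ${certdir}/inner-server.pem
        # CA that issued the client (user or machine) certificates.
        CA_file = ${cadir}/client-ca.pem
        # Inner TLS data is carried inside the outer tunnel, so keep
        # fragments smaller than the outer instance's fragment size.
        fragment_size = 1024
    }
}

# --- raddb/sites-available/inner-tunnel: call only the inner instance ---
server inner-tunnel {
    authorize {
        inner-eap
    }
    authenticate {
        inner-eap
    }
}
```

Running `radiusd -X` while a Windows client connects shows which instance handles each EAP message, which is the quickest way to confirm the inner EAP-TLS exchange reaches `inner-eap` and not the outer `eap` instance.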

More information about the Freeradius-Users mailing list