using windows 8's builtin eap-ttls w/ freeradius

Aman Arneja arneja.aman at gmail.com
Tue Mar 6 04:28:57 CET 2012


Hi Alan
I am from the Microsoft EAP team for Windows 8. If you face any issues
or need clarity on any of our features, please feel free to email me at
aman.arneja at microsoft.com

BTW we have tested our TTLS with FreeRADIUS successfully!

Also, thanx for the feedback. I am processing it and will reply to you in
a bit about it.
Please feel free to email me on any Win8 authentication related
issues/feedback.

We have an interesting auto discoverability feature as well in our
client, where if the profile has not been created we detect the method
on the basis of credential type and a few more parameters. Also, for TLS
there is a new cert filtering mechanism. We also now support connecting
to a server in PEAP if we do not have the root cert, by throwing a
warning (this is configurable, of course).

We would love your feedback on these as well!

Thanx

Aman Arneja
Sent from my Windows Phone
From: Alan Buxey
Sent: 06-Mar-12 1:54 AM
To: FreeRadius users mailing list
Subject: Re: using windows 8's builtin eap-ttls w/ freeradius
hi,

right. interesting. I've just been looking into Windows 8 and I found
that if I chose a non-EAP method with TTLS (eg PAP or MSCHAP) then it
didn't work. but if I chose an EAP method with TTLS - eg EAP-MSCHAPv2 then
it worked fine. so more needs to be looked at there.

based on the UI it seems that there's 2 groups of people coding the stuff
as the PEAP interface has updated options and layout - whereas the TTLS
page is based on the old Windows XP PEAP pane - from layout/options. it's
a little hideous.  importing of CAs has changed again - since Win7 - the auto
detect for cert import now puts it into the wrong place again...but manually
choosing the store and choosing Root CAs gets it in the very small list of
CAs that Win8 knows...

it seems you can choose whatever you want for the anonymous ID in TTLS
too - whereas the PEAP anonymous is more conservative.

..and none of this can be done via the new 'metro' interface....yes, it's
funky and looks pretty but once again, it doesn't show you much detail when
you hover over the wireless - signal strength bars, encryption and 802.11n -
so what about channel or SNR?

couldn't find an obvious 'disconnect' option in the interface either...but it
did take me a minute or 2 to find the 'shutdown/reset' option! ;-)

alan