more EAP/TTLS trouble

Phil Mayers p.mayers at
Wed May 30 15:15:09 CEST 2012

On 30/05/12 13:44, Steve Hopps wrote:

> iPhones work with a custom config profile that's easily installed.
> However, our most significant hurdle is Windows machines. Who would have
> guessed??? For some stupid reason Microsoft doesn't care about
> supporting all modern encryption standards. Making our staff pay for
> SecureW2 isn't an option and XSupplicant doesn't work reliably yet in
> 64-bit Win7. So I'm back to trying to get MSCHAPv2 working with PEAP.
> This seems impossible.

It's certainly a shame that Windows 7 doesn't support TTLS/PAP.

PEAP/MSCHAP requires you have the plaintext password or NT hash, or 
access to an mschap "oracle" like ntlm_auth running on Samba as a member 
of the domain.

If you don't have those, you can't do PEAP/MSCHAP, and your options are 
very limited.

EAP-TLS, perhaps?
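
The constraint described above, as an added example that is not part of the original post: under TTLS/PAP the server receives the password and can check it against a salted hash, whereas MSCHAPv2 is keyed on the NT hash (MD4 of the UTF-16LE password), which only a cleartext or NT-hash store can supply. The store labels (`cleartext`, `nt`, `ssha`), the function names and the sample record are assumptions of this example; the ntlm_auth oracle case is not modelled.

```python
import base64, hashlib, hmac, struct

def md4(data: bytes) -> bytes:
    """Pure-Python MD4 (RFC 1320); hashlib often lacks md4 under OpenSSL 3."""
    rol = lambda x, n: ((x << n) | (x >> (32 - n))) & 0xFFFFFFFF
    F = lambda x, y, z: (x & y) | (~x & z)
    G = lambda x, y, z: (x & y) | (x & z) | (y & z)
    H = lambda x, y, z: x ^ y ^ z
    rounds = (
        (F, 0x00000000, range(16), (3, 7, 11, 19)),
        (G, 0x5A827999, (0, 4, 8, 12, 1, 5, 9, 13, 2, 6, 10, 14, 3, 7, 11, 15), (3, 5, 9, 13)),
        (H, 0x6ED9EBA1, (0, 8, 4, 12, 2, 10, 6, 14, 1, 9, 5, 13, 3, 11, 7, 15), (3, 9, 11, 15)),
    )
    msg = data + b"\x80" + b"\x00" * ((55 - len(data)) % 64) + struct.pack("<Q", 8 * len(data))
    state = [0x67452301, 0xEFCDAB89, 0x98BADCFE, 0x10325476]
    for off in range(0, len(msg), 64):
        X = struct.unpack("<16I", msg[off:off + 64])
        a, b, c, d = state
        for f, k, order, shifts in rounds:
            for i, idx in enumerate(order):
                t = (a + f(b, c, d) + X[idx] + k) & 0xFFFFFFFF
                a, b, c, d = d, rol(t, shifts[i % 4]), b, c
        state = [(s + v) & 0xFFFFFFFF for s, v in zip(state, (a, b, c, d))]
    return struct.pack("<4I", *state)

def nt_hash(password: str) -> bytes:
    """NT hash: MD4 over the UTF-16LE password; the secret MSCHAPv2 is keyed on."""
    return md4(password.encode("utf-16-le"))

def pap_check_ssha(stored_b64: str, candidate: str) -> bool:
    """TTLS/PAP path: the server sees the password, so a salted SHA-1 store suffices."""
    raw = base64.b64decode(stored_b64)
    digest, salt = raw[:20], raw[20:]
    return hmac.compare_digest(hashlib.sha1(candidate.encode() + salt).digest(), digest)

def mschap_key_material(kind: str, value: str):
    """NT hash for PEAP/MSCHAPv2, or None; `kind` labels are this example's own."""
    if kind == "cleartext":
        return nt_hash(value)
    if kind == "nt":
        return bytes.fromhex(value)
    return None  # salted one-way formats cannot be converted into an NT hash

# Constructed sample record: SSHA of "password" with a fixed demo salt.
SAMPLE_SSHA = base64.b64encode(hashlib.sha1(b"password" + b"demosalt").digest() + b"demosalt").decode()

if __name__ == "__main__":
    print("PAP vs SSHA:", pap_check_ssha(SAMPLE_SSHA, "password"))
    print("MSCHAPv2 from SSHA:", mschap_key_material("ssha", SAMPLE_SSHA))
```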

