debian, wpa_supplicant, TTLS/TLS working, PEAP/TLS fails

Martin Kraus lists_mk at wujiman.net
Wed Aug 21 21:52:14 CEST 2013


On Wed, Aug 21, 2013 at 01:13:57PM +0100, Phil Mayers wrote:
> On 21/08/2013 12:17, Martin Kraus wrote:
> >Hi.
> >I managed to get EAP-TTLS/TLS working but EAP-PEAP/TLS fails after the outer
> 
> Is this really what you mean? TTLS outer and TLS inner, versus PEAP
> outer and TLS inner?
> 
> Because the latter is unlikely to work; it's not a supported combo
> per the PEAP spec.

Well, looking at man wpa_supplicant, I can see

EAP-PEAP/TLS

so I assumed that this is an equivalent of EAP-TTLS/TLS.

Also, from my Google searches, it might be possible that Windows supports
PEAP/TLS as well as PEAP/MSCHAPV2, and that's the main reason I'm trying to get
it to work, because there is no EAP-TTLS/TLS support in Windows.

There is a concern in our organization with the security of PEAP/MSCHAPV2 over Eduroam
because we don't really trust supplicants in Windows, Macs and various phones
to do the right thing (Windows Phone doesn't check the RADIUS certificate, for
example).

I'll paste the full debug tomorrow when I'm back at the office.

Martin

