debian, wpa_supplicant, TTLS/TLS working, PEAP/TLS fails

Matthew Newton mcn4 at
Thu Aug 22 20:06:16 CEST 2013

On Thu, Aug 22, 2013 at 10:30:54AM +0100, Phil Mayers wrote:
> Matthew Newton <mcn4 at> wrote:
> >On Wed, Aug 21, 2013 at 09:52:14PM +0200, Martin Kraus wrote:
> >> well looking at man wpa_supplicant I can see
> >> 
> >
> >I think that should be PEAP/EAP-TLS. Otherwise I'm not sure what
> >it's talking about.
> >
> Huh, and I thought MS-PEAP specified only soh and mschap as valid inners. Nice to see ms honouring their own specs ;o) Or maybe they updated it since I last read it.

We've been doing it for ~18 months now. Works fine (when the
fragment sizes have been set up correctly) so we get domain
managed certs and soh. Just a shame you can't do user auth as
well at the same time.


Matthew Newton, Ph.D. <mcn4 at>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at>

More information about the Freeradius-Users mailing list