EAP-TLS and OS X clients

A.L.M.Buxey at lboro.ac.uk A.L.M.Buxey at lboro.ac.uk
Wed Feb 20 15:03:40 CET 2013


> Eventually, though, it turned out that the most important issue was
> with OS X 10.7 (Lion). With this particular version of Apple's OS,

yes, I know. Apple suck for doing this.  I manage campus network at
Loughborough university and eduroam federation in the UK
and so am well aware of OSX and their idea of making OSX have the
same .mobileconfig method as iOS.

you might want to look into 'eduroam CAT' tool - as your NREN
federation/eduroam people about it.

whoa re your instructions aimed at? I worry a great deal about them
because you arent telling them to install/verify a CA or a RADIUS server
for the connection (thus basically negating the whole point of PKI!)
and the site might use EAP-FAST (some places actually do more than
just EAP-TTLS).  also, end users dont need to run this tool! you
(the admin) so all the hard work of configuring the profile and
then just provide the end user/customer the *SIGNED* mobileconfig file


More information about the Freeradius-Users mailing list