EAP-TLS and OS X clients

Jaap Winius jwinius at umrk.nl
Wed Feb 20 16:00:28 CET 2013

Quoting A.L.M.Buxey at lboro.ac.uk:

> you might want to look into 'eduroam CAT' tool - as your NREN
> federation/eduroam people about it.

Thanks very much! I'll look into it.

> whoa re your instructions aimed at? I worry a great deal about them
> because you arent telling them to install/verify a CA or a RADIUS server
> for the connection (thus basically negating the whole point of PKI!)
> and the site might use EAP-FAST (some places actually do more than
> just EAP-TTLS).  also, end users dont need to run this tool! you
> (the admin) so all the hard work of configuring the profile and
> then just provide the end user/customer the *SIGNED* mobileconfig file

Oh, hey, I thought I was just sharing this information with a bunch of  
lazy sysadmins, some of whom might be interested to know how I  
eventually managed to connect OS X 10.7 (Lion) hosts to my wifi network.

As I mentioned in my previous post, I did not author those  
instructions. I'm also not in the habit of re-posting information  
written by others, but although they may not be perfect, I thought  
they were helpful and then suddenly became worried that Apple might  
make them disappear at one point or another (it wasn't exactly easy  
information to find).

Moreover, I explained that I was using a WPA2-Enterprise configuration  
with Freeradius 2.1.0, EAP-TLS and 4096-bit SHA-1 in my first post in  
this thread on Sunday 17 Feb.



More information about the Freeradius-Users mailing list