PEAP Inner Tunnel Question
A.L.M.Buxey at lboro.ac.uk
A.L.M.Buxey at lboro.ac.uk
Thu Apr 24 10:13:39 CEST 2014
Hi,
> PEAP comes in two flavours for WPA (since you're using a wireless access point based on the debug): PEAPv0 (from Windows XP onwards) and PEAPv1. PEAPv0 (which Microsoft only refers to as PEAP) only works with EAP-SIM or EAP-MSCHAPv2. PEAPv1 (supported by Cisco) adds EAP-GTC as an inner mechanism, so chances are that yes, the supplicant will always select EAP-MSCHAPv2 if it only supports PEAPv0.
there is also PEAP-EAP-TLS - like EAP-TLS but the EAP-TLS is inside the protected tunnel. 'tis true.
> My aim is to only allow MSCHAPV2, however, I also get a good reply from
> the Server if I select
edit eap.conf and your radius virtual servers to remove support for anything you dont want to support.
alan
More information about the Freeradius-Users
mailing list