recommendations for max_servers

Arran Cudbard-Bell a.cudbardb at
Wed Sep 24 21:52:12 CEST 2014

> We do not want to have to go to digital certificates just yet as there is a good bit of support overhead and management we just cannot provide at this time.

I would say 90% of that is perceived overhead, not actual. Certificate deployment is pretty easy once you have the infrastructure.
Even since XP days it's been just a few clicks to install personal certs.

> If we agree that AD (EAP-PEAP-MSCHAPv2) is far from ideal, what other EAP types (outside of EAP-PEAP-TLS) do you recommend for end user authentication that is supported by native Windows, iOS, Android, and OSX clients?

There is none. You have PEAP and TLS, none of the other ubiquitously bundled ones provide the keying material required for WPA2-Enterprise.

Arran Cudbard-Bell <a.cudbardb at>
FreeRADIUS development team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 881 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <>

More information about the Freeradius-Users mailing list