Simultaneous EAP-TLS and PEAP-MSCHAPv2 (machine/user authentication)
Matthew Newton
mcn4 at leicester.ac.uk
Mon Dec 28 23:11:09 CET 2015
On Sat, Dec 26, 2015 at 10:24:34PM +0000, Nick Lowe wrote:
> That's with EAP-TLS as the inner to EAP-PEAP, which we know works. You
> don't have a second factor at that point though because the client cert is
> only via the inner. In the case that EAP-MS-CHAPv2 is the inner, you can't
> use a client cert.
Yes, we're doing PEAP/EAP-TLS with windows; that works fine.
It's requiring a client cert when using PEAP/EAP-MSCHAPv2 where it
bombs out. Tried a lot of combinations, but it was 2-3 years ago
so I can't remember what...
Matthew
--
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>
Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
More information about the Freeradius-Users
mailing list