Certificate problem between 3.0.11 and 3.1.x
Jonathan Gazeley
Jonathan.Gazeley at bristol.ac.uk
Tue Mar 15 17:06:47 CET 2016
On 15/03/16 16:00, Matthew Newton wrote:
> On Tue, Mar 15, 2016 at 03:53:25PM +0000, Jonathan Gazeley wrote:
>> On 15/03/16 15:47, Arran Cudbard-Bell wrote:
>>> Any idea what machine auth actually is. Is it something weird like EAP-TLS in EAP-TLS?
>>
>> It's EAP-PEAP using the default Windows supplicant.
>
> What's the inner? MSCHAPv2 or EAP-TLS.
MSCHAPv2.
>
> i.e "Machine auth" with domain credentials (machine account p/w)
> or certificates?
With domain credentials.
>
> PEAP/EAP-TLS runs into MTU issues as Arran said, but I'd expect
> that to be the same on 3.0.x and 3.1.x. But you probably need to
> enable debugging on the Windows supplicant side and see what it's
> complaining about.
Groan. I'm not a Windows guy :)
I'm just puzzled by the apparent difference in behaviour between 3.0.11
and 3.1.x when neither the certificates nor the clients have been
changed. I'll keep looking.
Thanks,
Jonathan
More information about the Freeradius-Users
mailing list