OS / Protocol Compatibility

Arran Cudbard-Bell a.cudbardb at freeradius.org
Fri Apr 7 21:38:37 CEST 2017


> On Apr 7, 2017, at 3:31 PM, Alan DeKok <aland at deployingradius.com> wrote:
> 
> On Apr 7, 2017, at 3:17 PM, David Teston <dteston at georgialibraries.org> wrote:
>> Where can I find a protocol compatibility matrix for each OS?
> 
>  Nowhere in particular.  Feel free to update the wiki.
> 
>> I would like
>> to find something like this
>> <http://deployingradius.com/documents/protocols/compatibility.html> for all
>> major OS's.
>> 
>> For example:
>> iOS - PEAP, CHAP
>> Android - PAP
> 
>  For WifI?  Nope.  TTLS.
> 
>> Windows 7 - EAP-TLS, MS-CHAP
>> Windows 10 - EAP-GTC, EAP-TLS
> 
>  Both are PEAP.
> 
>> MacOS - PEAP
> 
>  and TTLS.
> 
>> Also, can we prioritize the protocols?
> 
>  Nope.  The client chooses the protocol.  The server either rejects the request or accepts it.
> 
>> Since PAP is the least secure, I'd
>> like clients to try the other protocols and use PAP as the last option.
> 
>  There is no way to prioritize protocols in EAP.

Not entirely true, you can at least choose what the initial proposal is, but after that it's up to the client.

	https://github.com/FreeRADIUS/freeradius-server/blob/v4.0.x/raddb/mods-available/eap#L28

-Arran
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 842 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20170407/6358df3c/attachment.sig>


More information about the Freeradius-Users mailing list