a.cudbardb at freeradius.org
Fri Oct 4 22:33:13 CEST 2019
> On 3 Oct 2019, at 07:04, Alan DeKok <aland at deployingradius.com> wrote:
> On Oct 3, 2019, at 5:45 AM, Alberto Martínez Setién <alberto.martinez at deusto.es> wrote:
>> I thought that default_eap_type worked that way
> No, it works the way it's documented to work. The default_eap_type is what the server *suggests* that the client use.
> If you read the debug output, you would see that the client sends a NAK to that request, and instead asks for a different EAP type.
> But even then, default_eap_type applies to *EAP*. It doesn't apply to PAP or MSCHAPv2.
>> Does iOS prefer doing TTLS + MS-CHAPv2 over TTLS-PAP?
> Generally, yes. Why? Ask Apple. We didn't write iOS.
>> There is no way of letting it know the preferred method without the use of a WiFi profile?
> Generally, no. Why? Ask Apple. We didn't write iOS.
>> I believe that this is an answer to my question before. But is it really so? Does the iPad always do TTLS+MSCHAPv2 when trying to connect to an unconfigured 802.1x network?
> Why are you asking us that question? We didn't write iOS.
If it's EAP-MSCHAPv2 then it's using it because it provides a negotiation mechanism.
i.e. the supplicant and server can negotiate an inner tunnel method, so it's the most broadly compatible way of running EAP-TTLS.
Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
More information about the Freeradius-Users