Alan DeKok aland at
Wed Dec 2 00:25:14 CET 2020

On Dec 1, 2020, at 6:08 PM, Matthew Newton <mcn at> wrote:
> That's my site ;-P

  Then it's perfect and magical.  :)

> The info there is about the only place on the web that describes how PEAP/EAP-TLS works, or at least it was when written. It is old now, but the config still looks pretty correct. As it says, it's the fragment_size thing that actually matters.


>>> Can someone provide a working config for PEAP/EAP-TLS?
> Honestly, why? There's no point now unless you want to slow your authentication down by adding more round trips. The first paragraph on the site says as much.
> Microsoft have removed SoH from Windows 10. There's about no other reason I can think of to do both PEAP and EAP-TLS.
> Just use EAP-TLS on its own. It's simpler, and faster.

  True.  :)

  Alan DeKok.

More information about the Freeradius-Users mailing list