Android 802.1x PEAP

Philippe MARASSE philippe.marasse at ch-poitiers.fr
Tue Sep 7 17:21:08 CEST 2021


Hello,

My Android 11 (CalyxOS in fact) by default disables CA checking with
EAP/PEAP+MSCHAPv2

While EAP/PEAP+MSCHAPv2 is the preferred way to authenticate a iOS/macOS
device, on Android I prefer EAP-PWD, faster and if I'm not mistaken, not
less safe than EAP/PEAP without CA checking.

Regards.

Le 25/08/2021 à 12:55, Munroe Sollog a écrit :
> It would seem like Android 11 disables the ability to disable CA checking,
> but I was looking for confirmation
>
> On Tue, Aug 24, 2021 at 8:51 PM Alan DeKok <aland at deployingradius.com>
> wrote:
>
>> On Aug 24, 2021, at 7:47 PM, Munroe Sollog <mus3 at lehigh.edu> wrote:
>>> Has anyone had any success getting an android 11 client to connect to a
>>> network using PEAP *without* side loading the certificate issuing
>> authority
>>> certificate?
>>   You have to (a) configure the CA, or (b) disable all CA checking.  This
>> is how PEAP works.
>>
>>   It's not clear why you would want to do PEAP without checking the CA.
>>
>>   Alan DeKok.
>>
>>
>> -
>> List info/subscribe/unsubscribe? See
>> http://www.freeradius.org/list/users.html

-- 
Philippe MARASSE

Responsable pôle Infrastructures
Direction de l'Informatique, Support à la Communication et à l'Organisation (DISCO)
Centre Hospitalier Henri Laborit
CS 10587 - 370 avenue Jacques Cœur 
86021 Poitiers Cedex
Tel : 05.49.44.57.19


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4095 bytes
Desc: Signature cryptographique S/MIME
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20210907/f56f2387/attachment.bin>


More information about the Freeradius-Users mailing list