Wi-Fi WPA EAP type negotiation question

d tbsky tbskyd at gmail.com
Thu Dec 29 03:41:43 UTC 2022

   I had used freeradius EAP-PEAP-MSCHAPv2 + EAP-PEAP-GTC with Wi-Fi
for several years. I had a concept in mind (which seems wrong) that a
client would send EAP requests blindly. so client and server should
set up correct EAP type parameters before connection.

  When I found that Win10 supports EAP-TTLS natively, I tried to use
it. and I found that when I switch EAP-PEAP/EAP-TTLS settings at
freeradius, Win10 and IOS/MacOS would detect it automatically and use
the correct EAP type. I use "radiusd -X" to monitor the traffic, it
seems freeradius would send something to the client at first response,
although I don't know what's inside the EAP Message.

  I found Win10 will auto detect/support
IOS/MacOS didn't detect EAP-TTLS-PAP. so I don't know if
"default_eap_type = pap" is a correct parameter under the ttls
section. Win10/Win11 will auto detect and accept PEAP-TTLS-GTC as
PEAP-TTLS-PAP which seems strange but a good thing to me.Android seems
lazy and doesn't auto-detect anything and just wants the user to input
EAP parameters manually.

  Is there documents about what's behind the scene?  Can I decode the
EAP Message to know what information is exchanged between client and

  Thanks a lot for the clarification!!


More information about the Freeradius-Users mailing list