Wi-Fi WPA EAP type negotiation question
d tbsky
tbskyd at gmail.com
Thu Dec 29 03:41:43 UTC 2022
Hi:
I had used freeradius EAP-PEAP-MSCHAPv2 + EAP-PEAP-GTC with Wi-Fi
for several years. I had a concept in mind (which seems wrong) that a
client would send EAP requests blindly, so client and server should
set up correct EAP type parameters before connection.
When I found that Win10 supports EAP-TTLS natively, I tried to use
it, and I found that when I switch EAP-PEAP/EAP-TTLS settings at
freeradius, Win10 and iOS/macOS would detect it automatically and use
the correct EAP type. I use "radiusd -X" to monitor the traffic; it
seems freeradius would send something to the client at the first response,
although I don't know what's inside the EAP Message.
I found Win10 will auto detect/support
EAP-PEAP-MSCHAPv2/PEAP-TTLS-GTC/PEAP-TTLS-PAP. iOS/macOS will auto
detect/support EAP-PEAP-MSCHAPv2/EAP-PEAP-GTC/EAP-TTLS-GTC, but
iOS/macOS didn't detect EAP-TTLS-PAP, so I don't know if
"default_eap_type = pap" is a correct parameter under the ttls
section. Win10/Win11 will auto detect and accept PEAP-TTLS-GTC as
PEAP-TTLS-PAP, which seems strange but a good thing to me. Android seems
lazy and doesn't auto-detect anything and just wants the user to input
EAP parameters manually.
Are there documents about what's behind the scenes? Can I decode the
EAP Message to know what information is exchanged between client and
server?
Thanks a lot for the clarification!!
Regards,
tbskyd
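
On the question of decoding the EAP Message: the following is an added example, not part of the original post and not FreeRADIUS code. It parses the RFC 3748 EAP header and shows the method negotiation, where the server offers a type and a peer that prefers another replies with a Nak (type 3) listing the types it accepts. It assumes the attribute value is available as a hex string; the sample packets are constructed, not captured.

```python
import struct

# EAP codes and method types from RFC 3748 and the IANA EAP registry.
CODES = {1: "Request", 2: "Response", 3: "Success", 4: "Failure"}
TYPES = {1: "Identity", 2: "Notification", 3: "Nak", 4: "MD5-Challenge",
         6: "GTC", 13: "EAP-TLS", 21: "EAP-TTLS", 25: "PEAP", 26: "MSCHAPv2"}
TLS_BASED = {13, 21, 25}
START_FLAG = 0x20  # "S" bit in the flags octet of TLS-based methods


def type_name(t):
    return TYPES.get(t, f"type-{t}")


def decode_eap(hex_value):
    """Decode one EAP packet given as a hex string (optionally 0x-prefixed)."""
    raw = bytes.fromhex(hex_value.strip().removeprefix("0x"))
    if len(raw) < 4:
        raise ValueError("EAP header is 4 octets: code, id, length")
    code, ident, length = struct.unpack("!BBH", raw[:4])
    if length < 4 or length > len(raw):
        raise ValueError(f"length field {length} does not fit {len(raw)} octets")
    out = {"code": CODES.get(code, f"code-{code}"), "id": ident, "length": length}
    body = raw[4:length]          # octets past the length field are padding
    if code not in (1, 2) or not body:
        return out                # Success/Failure carry no type field
    eap_type, data = body[0], body[1:]
    out["type"] = type_name(eap_type)
    if eap_type == 1:
        out["identity"] = data.decode("utf-8", "replace")
    elif eap_type == 3 and code == 2:
        # Nak: peer rejects the offered method and lists what it would accept.
        out["wants"] = [type_name(t) for t in data]
    elif eap_type in TLS_BASED and data:
        out["tls_start"] = bool(data[0] & START_FLAG)
    return out


# Constructed sample exchange (not captured traffic): the server offers PEAP,
# the peer answers with a Nak asking for EAP-TTLS, the server starts EAP-TTLS.
SAMPLE = ["0x0201000a01616c696365",   # Response/Identity "alice"
          "0x010200061920",           # Request/PEAP, Start
          "0x020200060315",           # Response/Nak, wants 21
          "0x010300061520"]           # Request/EAP-TTLS, Start

if __name__ == "__main__":
    for value in SAMPLE:
        print(value, decode_eap(value))
```

Only the outer method is visible this way; the inner method (MSCHAPv2, GTC, PAP) is negotiated inside the TLS tunnel and is encrypted on the wire.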