On 28 Aug 2013, at 15:38, Phil Mayers <p.may...@imperial.ac.uk> wrote:
> On 28/08/13 15:11, Arran Cudbard-Bell wrote:
>>
>> On 28 Aug 2013, at 15:01, Phil Mayers <p.may...@imperial.ac.uk> wrote:
>>
>>> On 28/08/13 14:49, Arran Cudbard-Bell wrote:
>>>
>>>> Does anyone have a configuration which gets it down to a single LDAP query
>>>> for PEAP?
>>>
>>> What inner?
>>
>> MSHCAPv2 - I thought PEAPv0 was only MSCHAPv2?
>
> Apparently not; you can apparently run EAP-TLS inside PEAP, which is a new
> one on me.
>
> For PEAP/MSCHAP, under 2.x the link someone posted to my horrible hack works.
> Or under 3.x, "eap { ok = return }" in the inner-tunnel also works.
OK. Just wondering if you could really get it down to a single lookup, IIRC you
needed the 'known good' NT-Password data for a couple of rounds of MSCHAPv2?
-Arran
Arran Cudbard-Bell <a.cudba...@freeradius.org>
FreeRADIUS Development Team
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
