On Apr 24, 2007, at 7:30 PM, Alan DeKok wrote:

  Which isn't supported in FreeRADIUS.  If you tried using it on the
client side, and running the server in debugging mode, the server would
tell you it isn't supported.  I'm not even sure that the Windows
supplicant supports it.


It *is* supported by the Windows supplicant, and I'm pretty sure it wouldn't be that difficult to enable support in FR (removing one or two lines, IIRC). EAP-TLS inside of PEAP allows for the inner ("real") identity exchange to be obfuscated inside the tunnel since the outer identity doesn't have to match the inner identity. I've never used the PEAP-EAP-TLS functionality before myself in Windows, but if its anything like the PEAP-EAP-MSCHAPv2 support, this argument doesn't really mean anything since the inner and outer identities are both set to the real identity in the Windows supplicant...

--Mike

Attachment: smime.p7s
Description: S/MIME cryptographic signature

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to