On Apr 24, 2007, at 7:30 PM, Alan DeKok wrote:
Which isn't supported in FreeRADIUS. If you tried using it on theclient side, and running the server in debugging mode, the server wouldtell you it isn't supported. I'm not even sure that the Windows supplicant supports it.
It *is* supported by the Windows supplicant, and I'm pretty sure it wouldn't be that difficult to enable support in FR (removing one or two lines, IIRC). EAP-TLS inside of PEAP allows for the inner ("real") identity exchange to be obfuscated inside the tunnel since the outer identity doesn't have to match the inner identity. I've never used the PEAP-EAP-TLS functionality before myself in Windows, but if its anything like the PEAP-EAP-MSCHAPv2 support, this argument doesn't really mean anything since the inner and outer identities are both set to the real identity in the Windows supplicant...
Description: S/MIME cryptographic signature
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html