On Wed, Aug 21, 2013 at 01:13:57PM +0100, Phil Mayers wrote: > On 21/08/2013 12:17, Martin Kraus wrote: > >Hi. > >I managed to get EAP-TTLS/TLS working but EAP-PEAP/TLS fails after the outer > > Is this really what you mean? TTLS outer and TLS inner, versus PEAP > outer and TLS inner? > > Because the latter is unlikely to work; it's not a supported combo > per the PEAP spec.
well looking at man wpa_supplicant I can see EAP-PEAP/TLS so I assumed that this is an equivalent of EAP-TTLS/TLS. also from my google searches it might be possible that windows supports PEAP/TLS as well as PEAP/MSCHAPV2 and that's the main reason I'm trying to get it to work because there is no EAP-TTLS/TLS support in windows. There is a concern in our organization with security of PEAP/MSCHAPV2 over Eduroam because we don't really trust supplicants in windows, macs and various phones to do the right thing (windows phone doesn't check the radius certificate for example). I'll paste the full debug tomorrow when I'm back at the office. Martin - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
