On Thu, Aug 22, 2013 at 10:30:54AM +0100, Phil Mayers wrote: > Matthew Newton <[email protected]> wrote: > >On Wed, Aug 21, 2013 at 09:52:14PM +0200, Martin Kraus wrote: > >> well looking at man wpa_supplicant I can see > >> > >> EAP-PEAP/TLS > > > >I think that should be PEAP/EAP-TLS. Otherwise I'm not sure what > >it's talking about. > > > Huh, and I thought MS-PEAP specified only soh and mschap as valid inners. > Nice to see ms honouring their own specs ;o) Or maybe they updated it since I > last read it.
We've been doing it for ~18 months now. Works fine (when the fragment sizes have been set up correctly) so we get domain managed certs and soh. Just a shame you can't do user auth as well at the same time. m. -- Matthew Newton, Ph.D. <[email protected]> Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom For IT help contact helpdesk extn. 2253, <[email protected]> - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
