We are happily (within reason) supporting PEAP-MSCHAPv2. I would also like to start supporting EAP-TLS for certain clients.
It seems safest to leave default_eap_type=peap and rely on supplicants configured for EAP-TLS (probably just MacOS and Windows 7+) to counter with EAP-Acknowledge(EAP-MD5). Does this work in practice? (How) can I configure my certificate subject resolution such that EAP-TLS authenticated users follow exactly the same role+VLAN derivation logic as PEAP users? Do any other parts of the PacketFence FreeRADIUS (or beyond) configuration need to be altered to accommodate EAP-TLS? -- Rich Graves <[email protected]> Carleton.edu Sr UNIX and Security Admin CMC135: 507-222-7079 Cell: 952-292-6529 ------------------------------------------------------------------------------ Comprehensive Server Monitoring with Site24x7. Monitor 10 servers for $9/Month. Get alerted through email, SMS, voice calls or mobile push notifications. Take corrective actions from your mobile device. http://pubads.g.doubleclick.net/gampad/clk?id=154624111&iu=/4140/ostg.clktrk _______________________________________________ PacketFence-users mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/packetfence-users
