Jason Wittlin-Cohen wrote: > I already do that with the Juniper Access Client. The problem is that > the client certificate has the user's name as the Common Name and that > is sent in the clear. PEAP/EAP-TLS sends the user's certificate through > the tunnel obviating the issue. I admit this isn't a large problem but > it would be a nice feature to have.
FreeRADIUS doesn't support RFC 5216, it's too new. It has been tested with PEAPv0/EAP-TLS in the past, but it's not a common configuration. So it might not work now. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html