On 01/20/2012 01:08 AM, Matthew Newton wrote:
The 'normal' PEAP with MS-CHAPv2 works fine giving the SoH details, but has to be "user authentication" on the client. EAP-TLS works fine presenting the certificate to connect to the network (Microsoft's so-called "computer auth"), but doesn't, as far as I can tell, do SoH.
Correct.
Is it actually possible to do SoH with certificate-based authentication, or do I have to look towards DHCP for this?
SoH is a PEAP TLV. If the PEAP module is running, it should support SoH regardless of the type of inner-auth.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html