RHEL 9 - Wired 802.1x - Is Microsoft's PEAP-EAP-TLS supported and how to configure it?


We are trying to configure wired 802.1x on a RHEL 9 machine, but we are having issues getting it to work with a Microsoft Windows Network Policy Server (NPS).
The NPS server is configured with an authentication method of "Microsoft: Protected EAP (PEAP)" and "Eap types" of "Smart Card or other Certificates".

According to this website, Microsoft created its own protocol (PEAP-EAP-TLS), which uses certificates for the outer and also for the inner authentication:
https://www.wiresandwi.fi/blog/peap-eap-tls-vs-eap-tls

The wiki of FreeRADIUS states about PEAP-EAP-TLS: "Microsoft supports another form of PEAPv0 (which Microsoft calls PEAP-EAP-TLS) that Cisco and other third-party server and client software don’t support. [...]":
https://wiki.freeradius.org/protocol/EAP-PEAP#types_peap-eap-tls

So the question is, does RHEL9 support Microsoft's PEAP-EAP-TLS protocol for wired 802.1x and if so, how can it be configured?

NPS configuration:

[Image: NPS Authentication settings]

[Image: NPS Authentication settings cont'd]

Thank you in advance,

Patrick

Responses