EAP-TLS + username/password
Alan DeKok
aland at deployingradius.com
Mon Oct 27 22:26:28 CET 2014
João Alves wrote:
> I currently have a freeradius setup where the client authenticates using
> username/password. My goal is to authenticate the user using a client
> certificate (using EAP-TLS),
Which doesn't use passwords.
> however, I would still like to maintain the
> username/password authentication.
And is therefore impossible.
> Preferably the flow would be something
> like this:
>
> 1. User authenticates to radius_server_1 using EAP_TLS
> 2. radius_server_1 after authenticating the client (and only if
> authentication is successful) forwards a request to radius_server_2 with
> the client username/password
> 3. radius_server_2 authenticates client
>
> So only if both radius_server_1 and radius_server_2 authenticate the
> client is the client granted access.
What you're describing is EAP-TTLS with client certificates. That is
possible.
Alan DeKok.
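
An added configuration sketch (not part of the original message, and not the poster's or the project's own files) of the EAP-TTLS-with-client-certificates setup named in the reply, assuming the FreeRADIUS 3.x file layout. The realm name `inner_pw`, the address 192.0.2.10 and the shared secret are placeholders.

```conf
# mods-available/eap on radius_server_1 (excerpt)
eap {
    default_eap_type = ttls
    tls-config tls-common {
        private_key_file = ${certdir}/server.pem
        certificate_file = ${certdir}/server.pem
        ca_file = ${cadir}/ca.pem        # CA that issued the client certificates
    }
    ttls {
        tls = tls-common
        require_client_cert = yes        # outer TLS handshake fails without a valid client cert
        virtual_server = "inner-tunnel"  # tunneled username/password is handled here
    }
}

# sites-available/inner-tunnel on radius_server_1 (excerpt)
# Reached only after the TLS tunnel, including the client certificate check, is established.
server inner-tunnel {
    authorize {
        update control {
            Proxy-To-Realm := "inner_pw" # hypothetical realm name; sends the inner request onward
        }
    }
}

# proxy.conf on radius_server_1 (excerpt)
home_server radius_server_2 {
    type = auth
    ipaddr = 192.0.2.10                  # placeholder address
    port = 1812
    secret = CHANGE_ME                   # placeholder shared secret
}
home_server_pool inner_pw_pool {
    home_server = radius_server_2
}
realm inner_pw {
    auth_pool = inner_pw_pool
}
```

With this layout the supplicant gets an Access-Accept only when the certificate check on radius_server_1 and the password check on radius_server_2 both succeed.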