How to send a challenge request via PEAP-GTC
aland at deployingradius.com
Wed Sep 11 20:38:08 CEST 2019
On Sep 11, 2019, at 1:53 PM, <ngoetz24 at gmail.com> <ngoetz24 at gmail.com> wrote:
> Is it possible to send a challenge response to a user asking them to enter a
> OPT (One Time Password) token using PEAP with GTC?
Read raddb/mods-available/eap. There's a "gtc" subsection. Which contains a "challenge" parameter.
This is documented.
> I have followed the
> documentation example and got this working with PAP, but our security team
> will not allow us to use PAP due to security concerns with the week
> encryption used by PAP.
Your security team is wrong. There are no known security issues with the encryption scheme used by PAP.
> The problem I seem to be having is that when I use "challenge" in the
> authenticate section of the inner-tunnel configuration it seems to break the
> tunnel. When I do this I get the following error message in the debug:
> eap: ERROR: Failed continuing EAP GTC (6) session. EAP sub-module failed.
Don't invent things. Read the documentation. and configure the server as documented.
More information about the Freeradius-Users