Hello,
We are configuring EAP-GTC in our FreeRADIUS environment (please note that SAS is our authentication server):



![]()

![]()
![]()
![]()
![]()
![]()
![]()
![]()

![]()
![]()
![]()
![]()
![]()
Our questions are:
1) Do you happen to know how do we obtain the plain password provided in the first Access Response message? Currently we attempt to access the active directory by running an external execution program. This means we need to get the password attribute via freeRadius attributes/environment. If we fail to find a way to get the password information from freeRadius environment then we would consider changing our design by writing a freeRadius code module.
2) The PEAP (which is actually a freeRadius instance) is currently configured is to work to proxy all access requests. This is done by setting the “users” configuration file redirect every incoming access request (DEFAULT FreeRADIUS-Proxied-to == 127.0.0.1, Proxy-to-Realm := DEFAULT). Do you know if there is way to apply redirection upon demand (in our case we would like to handle the first access request locally by verifying the username and password against the AD and redirect only the second access request, containing the user’s OTP).
3) The OTP in the second access request is provided as a plain text (over ssl). Is there any way we proxy it to freeRadius agent in a secure way (e.g. MSCHAP2)?
4) Do you have any good references for freeRadius configuration docs?
Regards,
Yariv Levavi
SafeNet's Integration Team