On Sep 11, 2019, at 1:53 PM, <ngoetz24@gmail.com> <ngoetz24@gmail.com> wrote:
Is it possible to send a challenge response to a user asking them to enter a OPT (One Time Password) token using PEAP with GTC?
Read raddb/mods-available/eap. There's a "gtc" subsection. Which contains a "challenge" parameter. This is documented.
I have followed the documentation example and got this working with PAP, but our security team will not allow us to use PAP due to security concerns with the week encryption used by PAP.
Your security team is wrong. There are no known security issues with the encryption scheme used by PAP.
The problem I seem to be having is that when I use "challenge" in the authenticate section of the inner-tunnel configuration it seems to break the tunnel. When I do this I get the following error message in the debug:
eap: ERROR: Failed continuing EAP GTC (6) session. EAP sub-module failed.
Don't invent things. Read the documentation. and configure the server as documented. Alan DeKok.