17 Jan
2006
17 Jan
'06
7:15 p.m.
Matteo Paoli <paoli@lenst.det.unifi.it> wrote:
For example, the supplicant starts the eap-tls and the authentication is ok. But the server radius don't send Access Accept but it requests a new authentication (for example eap-md5). If also eap-md5 is ok, the supplicant is authenticated.
No. EAP doesn't work like that. If that's what you want, I suggest PEAP with client certificates.
It's possible that the first authentication is forwarded to remote radius server and the second one is resolved locally?
RADIUS doesn't work like that. I have no idea what you're trying to do, but your proposed implementation doesn't match how supplicants, EAP, or RADIUS works. Alan DeKok.