Regarding providing Custom TOTP MFA in freeradius
Dineshkumar pachamuthu
dineshkumar.pachamuthu at gmail.com
Thu May 2 14:58:06 UTC 2024
Hi Alan
Thanks for the suggestion. By changing "*default_eap_type = eap-ttls*" and
inside of ttls configuration "*default_eap_type = pap*" (commented all
other auth type of EAP) , everything worked fine in the Windows machine.
However in iphones and mac machines, I getting peer not accepting error as
follows:
eap: Expiring EAP session with state 0x282049aa28215c6d
(38) eap: Finished EAP session with state 0x282049aa28215c6d
(38) eap: Previous EAP request found for state 0x282049aa28215c6d, released
from the list
(38) eap: Peer sent packet with method EAP NAK (3)
(38) eap: *Peer NAK'd asking for unsupported EAP type MSCHAPv2 *(26),
skipping...
(38) eap: ERROR: No mutually acceptable types found
But I read that the iPhone supports EAP-TTLS/PAP (not sure on this). Do
I need to change any other settings to make client/supplicant send access
requests as EAP-TTLS/PAP.
Thanks,
Dineshkumar
On Tue, Apr 30, 2024 at 11:02 PM Alan DeKok <aland at deployingradius.com>
wrote:
> On Apr 30, 2024, at 1:21 PM, Dineshkumar pachamuthu <
> dineshkumar.pachamuthu at gmail.com> wrote:
> >
> > Sorry for the misunderstanding. I mean can we force EAP-TTLS over
> Access-Request of PEAP request before tunnel is established,, i.e force a
> particular EAP in supplicant over another in freeradius using NAK or any
> other way?
>
> You can set EAP-Type, and that's the EAP type which will be used . See
> the documentation in mods-available/eap.
>
> Alan Dekok.
>
>
More information about the Freeradius-Devel
mailing list