EAP-PEAP GTC vs MSCHAPv2

Don petaluma007 at gmail.com
Fri Sep 27 02:31:25 CEST 2013


All,

I have successfully configured freeRadius using EAP-PEAP with:
1. GTC to authenticate user against local password
2. MSCHAPv2 to authenticate user against Active Directory via ntlm_auth
following instructions on this link:
http://wiki.freeradius.org/guide/FreeRADIUS-Active-Directory-Integration-HOWTO

I also understand from reading this link that EAP-GTC can be used
(compatible) with ntlm_auth:
http://deployingradius.com/documents/protocols/compatibility.html

That said, if EAP-GTC can be used along with ntlm_auth how do I configure
it to make that work? I tried to execute ntlm_auth passing
--password=%{User-Password}, but that didn't work as User-Password is
empty. It says in eap.conf that GTC challenges the user with text and the
response from the user is taken to be the User-Password. Perhaps I am
executing ntlm_auth too early before GTC Password challenge is sent out and
received the response.

My questions are:
1. How can I configure freeRadius so GTC will work with ntlm_auth?
2. Is it possible to send subsequent GTC challenge in addition to default
Password challenge? If possible, how do I configure the subsequent GTC
challenge?


Thank you.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20130926/a2f4711a/attachment.html>


More information about the Freeradius-Users mailing list