EAP-PEAP GTC vs MSCHAPv2
Alan DeKok
aland at deployingradius.com
Fri Sep 27 04:54:57 CEST 2013
Don wrote:
> That said, if EAP-GTC can be used along with ntlm_auth how do I
> configure it to make that work?
Read the "gtc" sub-section of eap.conf. It tells you how to make
EAP-GTC use a particular authentication method.
> I tried to execute ntlm_auth passing
> --password=%{User-Password}, but that didn't work as User-Password is
> empty.
You tried *where*? That matters.
> It says in eap.conf that GTC challenges the user with text and
> the response from the user is taken to be the User-Password. Perhaps I
> am executing ntlm_auth too early before GTC Password challenge is sent
> out and received the response.
>
> My questions are:
> 1. How can I configure freeRadius so GTC will work with ntlm_auth?
a) configure ntlm_auth as per the deployingradius.com docs, and the
examples in the config files
b) tell EAP-GTC to use ntlm_auth as per the examples in the gtc
configuration.
> 2. Is it possible to send subsequent GTC challenge in addition to
> default Password challenge? If possible, how do I configure the
> subsequent GTC challenge?
No. EAP-GTC is only challenge-response. It doesn't do multiple
challenges.
Alan DeKok.
More information about the Freeradius-Users
mailing list