Alan DeKok aland at deployingradius.com
Fri Sep 27 04:54:57 CEST 2013

Don wrote:
> That said, if EAP-GTC can be used along with ntlm_auth how do I
> configure it to make that work?

  Read the "gtc" sub-section of eap.conf.  It tells you how to make
EAP-GTC use a particular authentication method.

> I tried to execute ntlm_auth passing
> --password=%{User-Password}, but that didn't work as User-Password is
> empty.

  You tried *where*?  That matters.

> It says in eap.conf that GTC challenges the user with text and
> the response from the user is taken to be the User-Password. Perhaps I
> am executing ntlm_auth too early before GTC Password challenge is sent
> out and received the response.
> My questions are:
> 1. How can I configure freeRadius so GTC will work with ntlm_auth?

  a) configure ntlm_auth as per the deployingradius.com docs, and the
examples in the config files

  b) tell EAP-GTC to use ntlm_auth as per the examples in the gtc

> 2. Is it possible to send subsequent GTC challenge in addition to
> default Password challenge? If possible, how do I configure the
> subsequent GTC challenge?

  No.  EAP-GTC is only challenge-response.  It doesn't do multiple

  Alan DeKok.

More information about the Freeradius-Users mailing list