FreeRadius EAP-GTC mode

Alan DeKok aland at
Sat Jul 19 22:33:45 CEST 2014

Levavi, Yariv wrote:
> We are trying to configure our FreeRadius environment to work with
> EAP-GTC (2 factor authentication):
> 1)      When configuring working in proxy mode – the client (Netmotion
> 10.11) does not pop second authentication login screen (“password:”).
> Can you tell why or what should we configure differently in order to
> make it work?

  Ask Netmotion how their systems work.

  I don't see why proxying would make any difference.

> 2)      The pratical configuration we are trying to get is – first
> authentication will be against AD and the second one (response to
> Access_Challenge) against forwarded Radius Authentication server. How
> can this be configured?

  I'm not sure what you're doing.  As always, look at the debug output.
 If you can read it and tell the difference between step 1 and step 2,
then you can write "unlang" policies to key off of those differences.

  As with anything RADIUS, almost *everything* is in the RADIUS packets.
 If it's not in the RADIUS packet, it pretty much doesn't exist.  Maybe
sometimes you can put information into a database, but you've got to
manage that yourself.

  Alan DeKok.

More information about the Freeradius-Users mailing list