FreeRadius EAP-GTC mode
Alan DeKok
aland at deployingradius.com
Sat Jul 19 22:33:45 CEST 2014
Levavi, Yariv wrote:
> We are trying to configure our FreeRadius environment to work with
> EAP-GTC (2 factor authentication):
>
> 1) When configuring working in proxy mode – the client (Netmotion
> 10.11) does not pop second authentication login screen (“password:”).
> Can you tell why or what should we configure differently in order to
> make it work?
Ask Netmotion how their systems work.
I don't see why proxying would make any difference.
> 2) The pratical configuration we are trying to get is – first
> authentication will be against AD and the second one (response to
> Access_Challenge) against forwarded Radius Authentication server. How
> can this be configured?
I'm not sure what you're doing. As always, look at the debug output.
If you can read it and tell the difference between step 1 and step 2,
then you can write "unlang" policies to key off of those differences.
As with anything RADIUS, almost *everything* is in the RADIUS packets.
If it's not in the RADIUS packet, it pretty much doesn't exist. Maybe
sometimes you can put information into a database, but you've got to
manage that yourself.
Alan DeKok.
More information about the Freeradius-Users
mailing list