Chaining system authentication methods
sautronnick at yahoo.fr
Wed Jan 28 08:32:12 CET 2015
So in my case,
in eap.conf file
I put the default peap method, and I also configures the TTLS method?
the customer can use the method peap and TTLS too ?
Le Mercredi 28 janvier 2015 11h13, Arran Cudbard-Bell <a.cudbardb at freeradius.org> a écrit :
> On 28 Jan 2015, at 13:25, Sautron Nick <sautronnick at yahoo.fr> wrote:
> Hello everyone,
> I wonder if it is possible to establish a chaining system authentication methods.
> In my case I would need to have the peap method first and then the TTLS method.
Your example doesn't show method chaining. It shows method negotiation
which is a fundamental part of the EAP protocol.
EAP method is possible, but not supported by FreeRADIUS or by many (any?)
> - An unauthenticated client
> - The server offers to the method peap
> - The method is not compatible according to the customer
> - The server offers to the TTLS method
> - Authenticated Client
Yes, thats how EAP negotiation works currently, but I believe the supplicant
sends back the method it wants to continue with after the initial offer by
The default method the server offers, is configurable in the EAP module.
Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS development team
FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2
More information about the Freeradius-Users