two factor authentication mschapv2 and eat-tls

Alan DeKok aland at
Sun Sep 11 15:42:05 CEST 2016

On Sep 11, 2016, at 2:59 AM, stefan nowak <pionartest at> wrote:
> Is it possible to setup two factor authentication with use mschav2 and eap-tls?

  That's called PEAP.

> My concept is:
> first step is use eap-tls to check if user have valid certificate if
> yes then next should appear prompt with user and password(mschapv2)
> where check data from Active Directory server. User should get access
> only in case when all two steps will success .
> Is it possible to do with freeradius  3.x?

  Is it possible with Windows?


  Then it's impossible.

  Even if it was possible with FreeRADIUS, nothing else in the network will support this authentication mechanism.

  Alan DeKok.

More information about the Freeradius-Users mailing list