Translate authentication requests
Alan DeKok
aland at deployingradius.com
Fri Sep 23 19:58:54 CEST 2016
On Sep 23, 2016, at 12:27 PM, Laurens Vets <laurens at daemon.be> wrote:
> I've got FreeRADIUS working with both OpenVPN (Android app + Windows) and StrongSwan (Android app). Authentication method used is eap-gtc with SSHA2 passwords. This all works.
>
> I'm now trying to integrate macOS and iOS clients as well, but I'm having a bit of a problem here. When either client sets up a connection to StrongSwan, FreeRADIUS receives an MSCHAPv2 request, which obviously doesn't work with SSHA2 passwords.
>
> Is there a way to either translate or proxy this MSCHAPv2 request into for instance an EAP-GTC request
It's impossible.
http://deployingradius.com/documents/protocols/compatibility.html
> or is there a way to force the client to not use MSCHAPv2?
Update the client configuration. There is nothing you can do to FreeRADIUS which will change the client.
Alan DeKok.
More information about the Freeradius-Users
mailing list