EAP-PEAP MSCHAPv2 with Python Module

Gary Gwin garygwin at gmail.com
Thu Nov 9 00:53:44 CET 2017


I've configured and tested the EAP-PEAP MSCHAPv2 basic example as
documented with FreeRADIUS 3.0.12 using a Windows 10 supplicant
configured for WPA2 Enterprise.

Instead of using the FreeRADIUS users file for authentication, I want
to use a custom Python module in the inner-tunnel (I presume) to
authenticate the user with a REST API.

1) How do I know in the Python module when to get in the middle of the
multi-step eap authentication without causing problems?

2) How do I get the User-Password?

I've seen posts that suggest the User-Password might be sent encrypted
in the EAP-Message. If that's the case:

3) How do I know how to decrypt the EAP-Message?

4) Anything else I need to know?

Thanks,

Gary


More information about the Freeradius-Users mailing list