EAP-TEAP not doing 2nd inner Method
Alan DeKok
aland at deployingradius.com
Wed Dec 4 17:48:05 UTC 2024
On Dec 4, 2024, at 6:38 AM, Alan DeKok <aland at deployingradius.com> wrote:
> So let's try some FreeRADIUS configuration magic. This is undocumented right now, because "TEAP", but here goes:
In the interest of *not* hating people who use TEAP, I've pushed some patches. They are "compile tested", but I haven't had time to do full TEAP tests.
Please test and see if they work.
The changes are to the TEAP configuration: https://github.com/FreeRADIUS/freeradius-server/blob/v3.2.x/raddb/mods-available/eap#L1145
Set
identity_types = "machine,user"
to do first machine, then user
set
# user_eap_type = mschapv2
# machine_eap_type = tls
to set EAP types for each type of authentication.
The server *should* automatically figure out what to do.
As with most things, these settings can be over-ridden at run time by defining attributes. See the comments in the TEAP module for further documentation.
Alan DeKok.
More information about the Freeradius-Users
mailing list