[strongSwan] IKEv2 + MFA with RADIUS
Tobias Brunner
tobias at strongswan.org
Wed Jun 30 12:11:16 CEST 2021
Hi Mike,
> We have rightauth set to eap-radius, but I’m yet to find a way of
> changing the EAP method.
That's the RADIUS server's job, so you should probably contact your
provider. It has to request the EAP method it requires to authenticate
the clients (it's interesting that it starts with EAP-MD5). However, if
the client responds with an expanded Nak message, which lists the EAP
methods it supports or wants to use, the server might not be able to
initiate a method for which it actually supports MFA. So depending on
the client's supported EAP methods, this might not be possible at all.
Regards,
Tobias
More information about the Users
mailing list