Hello everyone.
We want to use forgerock with radius to authenticate users to the wifi.
Do you know how to configure eap mschapv2 on the server?
Is this type of configuration supported?
Greetings @jrauda2
Thank you for the inquiry,
AM supports Radius in Bothe the server role and the client role.
Details of the implementation and setup are found here:
https://backstage.forgerock.com/docs/am/7.4/radius-server-guide/preface.html
In particular, the ootb Authentication Module for AM in the client role supports these properties:
https://backstage.forgerock.com/docs/am/7.4/authentication-guide/auth-modules.html#authn-radius
The ootb server role supports these properties:
https://backstage.forgerock.com/docs/am/7.4/reference/global-services-configuration.html#global-radiusserverservice
For specifics of known issues and support, please see the AM Release Notes:
https://backstage.forgerock.com/docs/am/latest/release-notes/preface.html
I will need to review the eap mschapv2 specifics. Do note that this is not explicitly called out and may require customization of the handler class.
Cheers.
1 Like
Following up on the supported configurations provided by @grpensa -
We support the RADIUS protocols as defined by RFC 2865:
https://tools.ietf.org/html/rfc2865#section-5
However, I do not see any references to EAP-MSCHAPv2 in the RFC.
The RFC does list the following as supported:
4. CHAP
5. PAP
I hope this helps.