listo funcionmiento por usuario y contraseña

freeradius/mods-available/eap

@@ -0,0 +1,41 @@
+eap {
+    default_eap_type = peap
+    timer_expire = 60
+    ignore_unknown_eap_types = no
+    cisco_accounting_username_bug = no
+    max_sessions = ${max_requests}
+
+    tls-config tls-common {
+        private_key_password = whatever
+        private_key_file = ${certdir}/server.pem
+        certificate_file = ${certdir}/server.pem
+        ca_file = ${cadir}/ca.pem
+        dh_file = ${certdir}/dh
+        random_file = /dev/urandom
+        fragment_size = 1024
+        include_length = yes
+        auto_chain = yes
+    }
+
+    tls {
+        tls = tls-common
+    }
+
+    ttls {
+        tls = tls-common
+        default_eap_type = pap
+        virtual_server = "inner-tunnel"
+    }
+
+    peap {
+        tls = tls-common
+        default_eap_type = mschapv2
+        copy_request_to_tunnel = yes
+        use_tunneled_reply = yes
+        virtual_server = "inner-tunnel"
+    }
+
+    mschapv2 {
+    }
+}
+

freeradius/mods-available/rest

@@ -18,4 +18,11 @@ rest {
         method = "post"
         body = "json"
     }
+
+    # Autorize para inner-tunnel (EAP)
+    authorize_inner_tunnel {
+        uri = "http://node:3000/authorize-inner"
+        method = "post"
+        body = "json"
+    }
 }