diff --git a/net/freeradius/src/opnsense/mvc/app/controllers/OPNsense/Freeradius/forms/eap.xml b/net/freeradius/src/opnsense/mvc/app/controllers/OPNsense/Freeradius/forms/eap.xml
index cb032d2fc..1f9cc42dc 100644
--- a/net/freeradius/src/opnsense/mvc/app/controllers/OPNsense/Freeradius/forms/eap.xml
+++ b/net/freeradius/src/opnsense/mvc/app/controllers/OPNsense/Freeradius/forms/eap.xml
@@ -29,6 +29,17 @@
dropdown
Choose the certificate the Radius service should use.
+
+ eap.enable_pwd
+
+ checkbox
+ This enables EAP-PWD authentication
+
+
+ eap.pwd_serverid
+
+ text
+
eap.crl
diff --git a/net/freeradius/src/opnsense/mvc/app/models/OPNsense/Freeradius/Eap.xml b/net/freeradius/src/opnsense/mvc/app/models/OPNsense/Freeradius/Eap.xml
index 9bab64ac5..6a18117fe 100644
--- a/net/freeradius/src/opnsense/mvc/app/models/OPNsense/Freeradius/Eap.xml
+++ b/net/freeradius/src/opnsense/mvc/app/models/OPNsense/Freeradius/Eap.xml
@@ -9,6 +9,7 @@
N
MD5
+ PWD
MSCHAPv2
PEAP
TLS
@@ -37,6 +38,14 @@
cert
N
+
+ 0
+ Y
+
+
+ theserver@example.com
+ Y
+
crl
N
diff --git a/net/freeradius/src/opnsense/service/templates/OPNsense/Freeradius/mods-enabled-eap b/net/freeradius/src/opnsense/service/templates/OPNsense/Freeradius/mods-enabled-eap
index 954edf8b6..82577438a 100644
--- a/net/freeradius/src/opnsense/service/templates/OPNsense/Freeradius/mods-enabled-eap
+++ b/net/freeradius/src/opnsense/service/templates/OPNsense/Freeradius/mods-enabled-eap
@@ -87,12 +87,13 @@ eap {
}
+{% if OPNsense.freeradius.eap.enable_pwd == '1' %}
# EAP-pwd -- secure password-based authentication
#
- #pwd {
+ pwd {
# group = 19
- # server_id = theserver@example.com
+ server_id = {{ OPNsense.freeradius.eap.pwd_serverid }}
# This has the same meaning as for TLS.
#
@@ -106,7 +107,8 @@ eap {
# no User-Password, CHAP-Password, EAP-Message, etc.
#
# virtual_server = "inner-tunnel"
- #}
+ }
+{% endif %}
# Cisco LEAP