Hi Mike,
We have rightauth set to eap-radius, but I’m yet to find a way of changing the EAP method.
That's the RADIUS server's job, so you should probably contact your provider. It has to request the EAP method it requires to authenticate the clients (it's interesting that it starts with EAP-MD5). However, if the client responds with an expanded Nak message, which lists the EAP methods it supports or wants to use, the server might not be able to initiate a method for which it actually supports MFA. So depending on the client's supported EAP methods, this might not be possible at all.
Regards, Tobias
