PEAP/MSCHAP doesn't run post-auth in inner-tunnel for reject?

Alan DeKok aland at deployingradius.com
Fri May 18 23:23:27 CEST 2012


Phil Mayers wrote:
> Am I being dumb / getting something wrong or does the post-auth session
> not get called if PEAP/MSCHAP returns a reject?
> 
> It seems to run for successful auths, but not failures.

  That is the case.

> This is in the context of us not seeing log messages for EAP auth
> failures; I suspect that the client may just "hang up" and let the EAP
> session expire, and since the inner post-auth doesn't run, and the outer
> session expires, I have no logs.

  There was talk about getting it to do Post-Auth-Type Reject in the
inner tunnel.  No code yet, tho.

  Alan DeKok.


More information about the Freeradius-Users mailing list