PEAP/MSCHAP doesn't run post-auth in inner-tunnel for reject?
alan buxey
A.L.M.Buxey at lboro.ac.uk
Sat May 19 13:37:57 CEST 2012
Hi,
> > Am I being dumb / getting something wrong or does the post-auth session
> > not get called if PEAP/MSCHAP returns a reject?
> >
> > It seems to run for successful auths, but not failures.
>
> That is the case.
>
> > This is in the context of us not seeing log messages for EAP auth
> > failures; I suspect that the client may just "hang up" and let the EAP
> > session expire, and since the inner post-auth doesn't run, and the outer
> > session expires, I have no logs.
>
> There was talk about getting it to do Post-Auth-Type Reject in the
> inner tunnel. No code yet, tho.
interesting/useful - I was seeing exactly the same behaviour last week when setting
something up...thought I was going a bit mad and was going to post something
to this lst next week... failed PEAP/MSCHAP doesnt enter the post-auth reject
session whether its local or a remote (proxied) one. I did something else at the time
as a work-around but it would be good to have the failure code hit just as PAP
requests get
alan
More information about the Freeradius-Users
mailing list