response sent after do_not_respond called
Alberto Martínez Setién
alberto.martinez at deusto.es
Thu May 17 11:13:39 CEST 2018
Hi all,
Thanks to this thread I discovered the do_not_respond policy, but similarly
to the OP issue, we have a use case that would require the do_not_respond
policy to be used in post-auth.
We set a EAP submodule which presents a bogus certificate and, while some
supplicants drop the auth attempt, others (like Android and Windows 7)
continue in a way that provokes the FR server to send an Access-Reject
packet.
Android just attempts the auth a bit later. That's okay.
Windows 7 prompts the user with the creds input window. This is not okay.
We are actually avoiding doing this to Windows 7 supplicants.
We would want the server to drop the Access-Reject packet as if
communication was lost so Windows 7 never asks for new credentials in this
situation.
Could this be in 3.0.x some time?
Regards.
El mar., 8 may. 2018 a las 16:42, Alan DeKok (<aland at deployingradius.com>)
escribió:
> On May 4, 2018, at 1:59 AM, Geoffrey D. Bennett <g at netcraft.com.au> wrote:
> > Thanks for the pointer. Please find attached a patch relative to
> > v3.0.x. Is this the right way to go about it?
>
> Sort of. The patch checks for it *always*, when I think it's only
> really needed for Access-Reject packets.
>
> I'll take a look.
>
> Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
--
Alberto Martínez Setién
Middleware
Comunicación y Sistemas
Servicio Informático
Universidad de Deusto
Avda. de las Universidades, 24
48007 - Bilbao (SPAIN)
Phone: +34 944 139 000 Ext. 2859
Fax: +34 944 139 101
More information about the Freeradius-Users
mailing list