Pedro Ribeiro <pribeiro-bulk@net.ipl.pt> wrote:
I'm trying to make life easier for users that don't configure well the access to our wireless network or are using the wrong credentials.
My idea was to always accept them, but force them to some special network (Vlan) that for every web access redirects them to a page explaining the problem (yes I know Reply-Message is meant to this, but unfortunately Windows doesn't show the message to users ...)
PEAP uses MS-CHAPv2 in the inner tunneled session, which means that the RADIUS server needs the users password to finish the authentication session. Without the password, the session will not finish, and the client will not think it's authenticated.
Does anyone have a similar setup that could give-me some tips (example configuration) ?
It's pretty much impossible. Alan DeKok.