28 Aug
2007
28 Aug
'07
8:34 a.m.
I have setup authentication against AD according to: http://wiki.freeradius.org/FreeRADIUS_Active_Directory_Integration_HOWTO This works as expected. If the client's certificate is expired, eap/tls will, of course, fail. In this case a guest vlan shall be assigned to the client. Having a module, that adds the needed radius-attributes seems to work, if an additional Auth-Type += Accept is added. Doing this, the eap-tls is short-circuited and may result in a: Incoming RADIUS packet did not have correct Message-Authenticator - dropped message on the client side. Is this acceptable? What would be the best way to handle a situation like that? Norbert Wegener