I have found the method to achieve this goal, and I will provide a few examples below: 1. **For PEAP-MSCHAPv2 authentication**, you need to add the following configuration in the inner `authorize` section: ```plaintext authorize { ...... -ldap update { &control:SMB-Account-CTRL-TEXT := '[N]' &reply:MS-CHAP2-Success = 'password-free' } } ``` 2. **For PEAP-GTC authentication**, you need to add the following configuration in the inner `authorize` section: ```plaintext authorize { ...... -ldap if (EAP-Type == GTC) { update { Auth-Type := Accept } } ...... } ``` These configurations are tailored to the respective authentication methods, ensuring proper handling of the authentication process. Let me know if you need further clarification or additional translations! Alan DeKok <aland@deployingradius.com> 于2025年1月17日周五 21:49写道:
On Jan 17, 2025, at 4:03 AM, daoxuan shi <shidaoxuan@gmail.com> wrote:
I'm trying to deploy freeadius 3.0.21, and having a problem. I need to support peap-machapv2 and peap-gtc authentication protocols. My boss is very old and often enters wrong passwords. I need to
temporarily
bypass password verification for him. Regardless of whether the password is correct or not, his computer will eventually complete peap-machapv2 authentication. I tried many methods, such as configuring his MAC address directly Auth-Type := Accept in authorize, but it didn't seem to work.
It's impossible.
And why is someone re-entering passwords? The system should cache the password, and just re-use the cached passwords.
So he's not "re-entering" the password wrong. Something or someone is actively deleting the cached password, which forces him to re-enter it.
Why is the cached password being deleted from his system? Is someone deleting the WiFi configuration? If so, why?
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- —— 敬启 史道轩