Hi all, Thanks to this thread I discovered the do_not_respond policy, but similarly to the OP issue, we have a use case that would require the do_not_respond policy to be used in post-auth. We set a EAP submodule which presents a bogus certificate and, while some supplicants drop the auth attempt, others (like Android and Windows 7) continue in a way that provokes the FR server to send an Access-Reject packet. Android just attempts the auth a bit later. That's okay. Windows 7 prompts the user with the creds input window. This is not okay. We are actually avoiding doing this to Windows 7 supplicants. We would want the server to drop the Access-Reject packet as if communication was lost so Windows 7 never asks for new credentials in this situation. Could this be in 3.0.x some time? Regards. El mar., 8 may. 2018 a las 16:42, Alan DeKok (<aland@deployingradius.com>) escribió:
On May 4, 2018, at 1:59 AM, Geoffrey D. Bennett <g@netcraft.com.au> wrote:
Thanks for the pointer. Please find attached a patch relative to v3.0.x. Is this the right way to go about it?
Sort of. The patch checks for it *always*, when I think it's only really needed for Access-Reject packets.
I'll take a look.
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-- Alberto Martínez Setién Middleware Comunicación y Sistemas Servicio Informático Universidad de Deusto Avda. de las Universidades, 24 48007 - Bilbao (SPAIN) Phone: +34 944 139 000 Ext. 2859 Fax: +34 944 139 101