Alan DeKok wrote:
Danny Paul wrote:
My management would like a way to force authorization to succeed even if EAP has actually failed.
This is impossible. It is *designed* to be impossible. If it was possible, malicious networks could tell users that "authentication succeeded", and then attack the users.
You need to look at your NAS documentation for something like "fallback VLAN" support. Some NASes have the ability to put users into special VLANs in some circumstances.
If this is a wired port then just force an Access-Accept, yes it breaks the RFC but if your NAS doesn't inspect the contents of the EAP-Message then it'll work.
In any case, the solution is much more complicated than just changing the FreeRADIUS configuration (which won't do anything)
Thanks, Arran