Accepting all users in PEAP

Alan DeKok aland at ox.org
Fri Aug 5 19:25:12 CEST 2005


Pedro Ribeiro <pribeiro-bulk at net.ipl.pt> wrote:
>   I'm trying to make life easier for users that don't configure
>   well the access to our wireless network or are using the wrong
>   credentials.
> 
>   My idea was to always accept them, but force them to some special
>   network (Vlan) that for every web access redirects them to a page
>   explaining the problem (yes I know Reply-Message is meant to this,
>   but unfortunately Windows doesn't show the message to users ...)

  PEAP uses MS-CHAPv2 in the inner tunneled session, which means that
the RADIUS server needs the users password to finish the
authentication session.  Without the password, the session will not
finish, and the client will not think it's authenticated.

>   Does anyone have a similar setup that could give-me some tips
>   (example configuration) ?

  It's pretty much impossible.

  Alan DeKok.




More information about the Freeradius-Users mailing list