Simultaneous-Use and PEAP doesn't work correctly.

Alan DeKok aland at deployingradius.com
Fri Oct 12 10:17:02 CEST 2007 

Marcotte, Tyler wrote:
> Thank you for the response, even if it was ridden with unnecessary
> sarcasm.

  <shrug>  After nearly a decade on this list, I've found that the best
way to convince certain people to READ my messages, and to THINK about
the problem they have is to be blunt.  Those people then get upset, even
after their questions have been answered.

  For some psychological reason, it's considered polite for people like
you to argue with the experts, and to tell the experts that they're
wrong.  It's considered rude for the experts to explain how things work.
 I don't understand it, but I've learned to deal with it.

> While I don't necessarily agree with your logic,

  <sigh>  Once again, we've run into the conflict.  If you don't agree
with my logic, it's because you don't understand how things work.  Since
you say you don't agree with my logic, it means you're arguing with me.
 Yet you said earlier that you weren't trying to argue with me.

  Can you see where my frustration comes from?  "I'm not arguing, but I
think you're wrong."

  If you're so all-fired knowledgable, why are you asking questions on
this list?

> I can see why you would
> think this is sufficient for normal 802.1X authentication and denial.
> The problem comes when you try to do something with a rejected user, for
> example, throw them in a different vlan.

  Once again, it's clear you don't understand how RADIUS works.  When a
user is rejected, their session is GONE.  You CANNOT put them into a
different VLAN, because they have no session where that VLAN can be
assigned!

> If the reject never comes, or
> waits for the user to log out, issues can arise.

  "issues"... like what?  Please clarify.

  The reality is that there are no issues.  If the reject never comes,
the user never obtains network access.  There are no issues with that,
because the user is not trying to obtain network access.

  What issues could there possible be?  You want to assign the user a
VLAN when they're not requesting access... How are you going to do that?

> Again, thank you for your explanation; it was very insightful, even if
> it was condescending and rude.

  It might have opened a small crack of enlightenment.  If so, it was
productive, even if the process was painful for you.

  Alan DeKok.

More information about the Freeradius-Users mailing list