EAP bypass

[Alan DeKok]

Danny Paul wrote:
> My management would like a way to force authorization to
> succeed even if EAP has actually failed.

  This is impossible.  It is *designed* to be impossible.  If it was
possible, malicious networks could tell users that "authentication
succeeded", and then attack the users.

  You need to look at your NAS documentation for something like
"fallback VLAN" support.  Some NASes have the ability to put users into
special VLANs in some circumstances.

  In any case, the solution is much more complicated than just changing
the FreeRADIUS configuration (which won't do anything)

  Alan DeKok.