Question: How do I forcibly accept all rest requests??
Alan DeKok
aland at deployingradius.com
Wed Mar 31 01:47:02 CEST 2010
Difan Zhao wrote:
> However if you can fool the NAS to let it believe that the device is
> authenticated, will the switch also send an EAP success message to the
> laptop to fool him as well?
No. Even if it does, the laptop will ignore it. There is no
substitute for running the authentication protocol correctly.
> If the laptop is configured to use PEAP and to validate certificate,
> then you are right, there is nothing we can do.
>
> If the laptop is configured not to validate the certificate, then when
> the Server (freeradiusd) sends a challenge in the TLS tunnel and
> received a hashed reply, can it be configured to simply send a "success"
> back anyway?
That's not the way PEAP works. So no, it's impossible.
> If the laptop is configured to use MD5, then I think it's even easier to
> make this happen...?
It's still impossible.
> I apologize if I got any EAP/Radius theory totally wrong...
>
> The company I work for serves hotels. They want their staff to be put in
> right VLAN for admin management purpose while guests put in guest VLAN.
> Now my setup is pissing some guests off because they don't like to see
> "failed" on their laptops. It's kind of important... I will really
> appreciate if you can come up with a solution for it...
<shrug> That's the way networks work.
And you expect me to come up with a solution (for free) that you're
charging for?
Alan DeKok.
More information about the Freeradius-Users
mailing list