Question: How do I forcibly accept all rest requests??

Difan Zhao difan.zhao at guest-tek.com
Wed Mar 31 02:28:08 CEST 2010


Uh... Guess you are right... I thought it was something easy but looks
like it's not! I will let the hotel know that there is nothing we can
do. I guess the hotel will give up after I tell them that I have
consulted with the programmer lol. BTW this Freeradius is awesome
program. Very flexible and I like it a lot! Your support is also very
much appreciated! Thanks a lot

Guest-tek, Difan Zhao
difan.zhao at guest-tek.com
www.guest-tek.com
Office: 403-509-1010 ext 3048
Cell: 403-689-7514

-----Original Message-----
From:
freeradius-users-bounces+difan.zhao=guest-tek.com at lists.freeradius.org
[mailto:freeradius-users-bounces+difan.zhao=guest-tek.com at lists.freeradi
us.org] On Behalf Of Alan DeKok
Sent: Tuesday, March 30, 2010 5:47 PM
To: FreeRadius users mailing list
Subject: Re: Question: How do I forcibly accept all rest requests??

Difan Zhao wrote:
> However if you can fool the NAS to let it believe that the device is
> authenticated, will the switch also send an EAP success message to the
> laptop to fool him as well?

  No.  Even if it does, the laptop will ignore it.  There is no
substitute for running the authentication protocol correctly.

> If the laptop is configured to use PEAP and to validate certificate,
> then you are right, there is nothing we can do.
> 
> If the laptop is configured not to validate the certificate, then when
> the Server (freeradiusd) sends a challenge in the TLS tunnel and
> received a hashed reply, can it be configured to simply send a
"success"
> back anyway?

  That's not the way PEAP works.  So no, it's impossible.

> If the laptop is configured to use MD5, then I think it's even easier
to
> make this happen...?

  It's still impossible.

> I apologize if I got any EAP/Radius theory totally wrong...
> 
> The company I work for serves hotels. They want their staff to be put
in
> right VLAN for admin management purpose while guests put in guest
VLAN.
> Now my setup is pissing some guests off because they don't like to see
> "failed" on their laptops. It's kind of important... I will really
> appreciate if you can come up with a solution for it... 

  <shrug>  That's the way networks work.

  And you expect me to come up with a solution (for free) that you're
charging for?

  Alan DeKok.

-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html




More information about the Freeradius-Users mailing list