Integration with CISCO Router for PEAP requests
Andras Ionut
ionut.andras at gmail.com
Thu Aug 30 16:11:10 CEST 2012
Hi Phil,
Thanks a lot for the quick response.
I need this for PEAP with EAP protocol inside the tunnel, like EAP-MSCHAPv2.
Again, The device MUST reject the connection as EAP is not completed,
but the ROUTER needs that Access-Accept,
in order to be able to redirect user to portal.
Can this be done?
Thanks in advance.
Andras
On 30/08/12 11:12, Andras Ionut wrote:
> Thanks a lot for the quick answer Arran.
>
> That is exactly wahat I need - sending an Access-Accept and maybe
> EAP-Success if possible. I don't care if the device will not connect.
> I only need Access-Accept in order for the CISCO router to assign an
> IP to the client and redirect it to portal using L4_Redirect.
You're not understanding what Arran said.
This is an FAQ:
http://wiki.freeradius.org/FAQ#How-do-I-permit-access-to-any-user-regardless-of-password%3F
In short: many (most?) devices will drop the connection if auth fails,
including a missing or invalid final response in the inner
challenge-response auth.
So, forcing an accept might work for the router. But the client will
probably disconnect.
>
> Can this be done? If yes, can you please be more explicit on how to do
> this in freeradius?
See the FAQ entry above.
More information about the Freeradius-Users
mailing list