Integration with CISCO Router for PEAP requests
Phil Mayers
p.mayers at imperial.ac.uk
Fri Aug 31 11:26:57 CEST 2012
On 08/30/2012 05:52 PM, Andras Ionut wrote:
>
> Now, I especially need to send Access-Accept for PEAP with inner
> EAP-MSCHAPv2, and I also I don't use MyQL to select the users.
> I've also tried to set Access-Accept as any other AVP from my Freeradius
> module, but doesn't work. (extract from log attached)
You keep repeating this. It is obvious you are really desparate. But it
doesn't work like that.
You *CAN* force the server to send the Accept - Arran has shown you how
to do that. The FAQ entry is another way to force it for *every* user.
The reason the FAQ entry says "this doesn't work for EAP" is NOTHING to
do with the server. With enough knowledge, you can make the server do
anything you want.
The problem is the EAP client. It WILL NOT STAY CONNECTED to the network.
Think about it for a second: from the debug you show, you are dealing
with Wi-Fi. If you force auth success, the radius server will return an
accept, and the wi-fi point will forward the EAP Success to the client.
But the client will not have completed a successful authentication, so
it won't have any keying material. How is it going to send encrypted
packets?
Try it and see; do what the FAQ entry says, or what Arran has suggested,
and watch what the client does when you try to override failed auth.
More information about the Freeradius-Users
mailing list