PEAP access-reject problem
Alan DeKok
aland at deployingradius.com
Mon Sep 3 10:47:39 CEST 2012
Ana Gallardo Gómez wrote:
> I would like to return diferent values of a personal atribute
> (Codigo-Reject) in a Access-Reject. I would like to do this in PEAPv0,
> EAP-TTLS-PAP and EAP-TTLS-MsCHAPv2
>
> With my configuration I can return Codigo-Reject in EAP-TTLS-PAP and
> EAP-TTLS-MsCHAPv2 but I can't in PEAP.
That's been discussed before. The attributes from an inner tunnel
reject aren't saved. Only the ones from an inner tunnel accept are saved.
The reason it works for TTLS and not for PEAP is differences in the
internal implementation.
I'd suggest moving those rules to the outside of the tunnel.
Alan DeKok.
More information about the Freeradius-Users
mailing list