Accept users that not define

Fajar A. Nugraha list at fajar.net
Mon Apr 1 02:19:41 CEST 2013


On Fri, Mar 29, 2013 at 11:20 PM, Mehdi Ravanbakhsh <babakco at gmail.com>wrote:

> Dear Fajar
>
> thanks for your replay
>
> I have about 300 request per second in my router , so i should accept
> all incoming connection , but if user not define or should be rejected
> i should change IP pool to user can not access to internet and just
> redirect to help paje.
>
> in all section i change or rewrite policy to not reject the and just
> change ip pool but if user not define what should i do ?
>
>
IIRC routers with 802.1x should have settings to assign users to default,
restricted vlan when they're haven't authenticated yet. I suggest you look
into this one first.

As for radius side, you need to make sure that your users ONLY use PAP or
TTLS/PAP. If you can enforce that, then you can accept all users regardless
of their user/password combination.

However usually (e.g. when majority of your users use Windows and its
built-in supplicant) you'd also need EAP-PEAP-MSCHAPv2, in which case
there's no way to do what you want.

-- 
Fajar
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20130401/e748754b/attachment.html>


More information about the Freeradius-Users mailing list