AW: AW: AW: Override EAP invalid result in authentication section

Phil Mayers p.mayers at
Wed Jun 5 16:45:30 CEST 2013

On 05/06/13 15:23, PENZ Robert wrote:
> Hi!
> I need to send devices with expired or revoked certificates to a
> remediation vlan, but my reject vlan is for guest access. Both checks
> happen at the end of the EAP process where the switch expects a
> reject or accept packet. I need now to change the reject for the
> expired to a accept. Setting the vlan for the switch is no problem I
> do that already, I just need an accept. ;-)

Yes, you've said that multiple times.

> I hope it's clear what I want/need. ;-)

I don't understand why you're having trouble with this.

The clients are being rejected by the "verify" script. Your debug showed 

Change the script so that they're not rejected.

Then, elsewhere, set a VLAN on expired/revoked certificates.

I repeat, for the final time - you CANNOT CHANGE A REJECT TO AN ACCEPT 

I'm not going to respond again.

More information about the Freeradius-Users mailing list