AW: AW: AW: Override EAP invalid result in authentication section
Phil Mayers
p.mayers at imperial.ac.uk
Wed Jun 5 16:45:30 CEST 2013
On 05/06/13 15:23, PENZ Robert wrote:
> Hi!
>
> I need to send devices with expired or revoked certificates to a
> remediation vlan, but my reject vlan is for guest access. Both checks
> happen at the end of the EAP process where the switch expects a
> reject or accept packet. I need now to change the reject for the
> expired to a accept. Setting the vlan for the switch is no problem I
> do that already, I just need an accept. ;-)
Yes, you've said that multiple times.
>
> I hope it's clear what I want/need. ;-)
I don't understand why you're having trouble with this.
The clients are being rejected by the "verify" script. Your debug showed
this.
Change the script so that they're not rejected.
Then, elsewhere, set a VLAN on expired/revoked certificates.
I repeat, for the final time - you CANNOT CHANGE A REJECT TO AN ACCEPT
IN EAP.
I'm not going to respond again.
More information about the Freeradius-Users
mailing list