AW: Override EAP invalid result in authentication section
Phil Mayers
p.mayers at imperial.ac.uk
Tue May 28 10:35:32 CEST 2013
On 05/28/2013 09:06 AM, PENZ Robert wrote:
> But I can't change a Reject to Accept in Post-Auth .. at least
> that's what I read. Can you show me what I should to? I don't need to
> change VLANs .. just need an accept, the VLAN is already correct (set
> in authorize already as it's the same as for MAC authentication)
You can't do that. EAP is a challenge-response protocol; you can't force
it to "succeed" - the remote peer will think it failed and drop the link.
What you want to do isn't possible in general. Instead, you need to look
into "auth failed VLAN" support on your network equipment - this
generally only works for wired connections though.
Also, please stop posting partial debugs with the wrong options; it's
"radiusd -X" and a full debug. The timestamps are just noise, and you've
removed most of the debug so it's not possible to infer the full auth
processing and offer you more specific advice.
More information about the Freeradius-Users
mailing list