Not rejecting rejected users

A.L.M.Buxey at A.L.M.Buxey at
Thu Jul 24 22:53:38 CEST 2014


>    clients, when the radius sends a reject packet to the NAS, all is well and
>    the client gets rejected. On wireless however, especially with windows XP
>    machines, the machine will constantly retry connection to the SSID.

What's the cause of the reject? Incorrect password? You can use the MSCHAPv2 retry method
if it's PEAP - the client will get a prompt to re-enter their credentials... otherwise the client
will just keep on trying and trying and trying....

With wireless 802.1X you can't reject and give them another VLAN like you can with wired (*).
The key required for the WPA2-Enterprise part is done in the Access-Accept. With wired you have
guest/fail VLAN options (not with MACsec though).


(*) Some vendors have really interesting/nasty non-interop kludges to get their APs to
do some 'nasty things' in some cases.

More information about the Freeradius-Users mailing list