EAP-PEAP with mschap login failed MSCHAP returns reject but we want to send no Reject but Accept with GUEST Vlan AVPs
p.mayers at imperial.ac.uk
Wed Jun 18 14:23:58 CEST 2014
On 18/06/14 13:09, Becker, Alexander wrote:
> When a module (say, mschap with ntlm_auth) returns REJECT because of the
> user is not present in the AD, I want to continue processing the request
> to, let's say, accept the request, but provide an alternative VLAN
> (Tunnel-Id) to the endpoint.
You can't. mschap is a challenge/response protocol. You can't force it
to succeed without valid authentication data and if you do, the client
will reject it anyway as the response will be invalid.
You need to look for "fail vlan" support on your NAS.
More information about the Freeradius-Users