EAP-PEAP with mschap login failed MSCHAP returns reject but we want to send no Reject but Accept with GUEST Vlan AVPs

[Phil Mayers]

On 18/06/14 13:09, Becker, Alexander wrote:

> When a module (say, mschap with ntlm_auth) returns REJECT because of the
> user is not present in the AD, I want to continue processing the request
> to, let's say, accept the request, but provide an alternative VLAN
> (Tunnel-Id) to the endpoint.

You can't. mschap is a challenge/response protocol. You can't force it 
to succeed without valid authentication data and if you do, the client 
will reject it anyway as the response will be invalid.

You need to look for "fail vlan" support on your NAS.