FreeRadius - MSCHAPv2 always authenticate user (WPA2-EAP)

Ben Tyson btysonnorrman at
Wed Jan 30 16:53:04 CET 2019


Version of FreeRadius:Latest from Download
Operating System: ARM (raspberry PI) or Linux (can be switched, as needed)

I'm trying to create an open WPA2-EAP wireless network. Yes, I know
that's a contradiction in terms, but bear with me.

We need client separation, rather than authentication - so need the
WPA2-EAP facilities, without authentication users.

Windows 7 & 10 clients and DD-wrt as the wireless access point

**Note the windows clients do not have admin rights, so I can't
install client and CA certs on them**

It is possible to tell FreeRadius to accept all, by using DEFAULT
Auth-Type = Accept - however that just returns an authorised to the
access point - and doesn't return a MSCHAPv2-Successful, so the client
can connect to the network, but then doesn't get the correct response
to continue, so keeps on trying to authenticate.

Does anyone know if there is a way of forcing the MSCHAP module to
return authorised (e.g. a debugging mode) - or would it be reasonable
to strip the module, so that it always returns Successful.

Any other thoughts, gratefully received, but note: anything that
involves going hands on with the clients won't work.

Thank you, apologies for failure in etiquette along the way.

More information about the Freeradius-Users mailing list