How to allow wrong passwords in Peap-Mschapv2?

daoxuan shi shidaoxuan at gmail.com
Thu Jan 23 05:02:31 UTC 2025 

I have found the method to achieve this goal, and I will provide a few
examples below:

1. **For PEAP-MSCHAPv2 authentication**, you need to add the following
configuration in the inner `authorize` section:
   ```plaintext
   authorize {
      ......
      -ldap
      update {
         &control:SMB-Account-CTRL-TEXT := '[N]'
         &reply:MS-CHAP2-Success = 'password-free'
      }
   }
   ```

2. **For PEAP-GTC authentication**, you need to add the following
configuration in the inner `authorize` section:
   ```plaintext
   authorize {
      ......
      -ldap
      if (EAP-Type == GTC) {
         update {
            Auth-Type := Accept
         }
      }
      ......
   }
   ```

These configurations are tailored to the respective authentication methods,
ensuring proper handling of the authentication process. Let me know if you
need further clarification or additional translations!

Alan DeKok <aland at deployingradius.com> 于2025年1月17日周五 21:49写道:

> On Jan 17, 2025, at 4:03 AM, daoxuan shi <shidaoxuan at gmail.com> wrote:
> >
> > I'm trying to deploy freeadius 3.0.21, and having a problem. I need to
> > support peap-machapv2 and peap-gtc authentication protocols.
> > My boss is very old and often enters wrong passwords. I need to
> temporarily
> > bypass password verification for him. Regardless of whether the password
> is
> > correct or not, his computer will eventually complete peap-machapv2
> > authentication.
> > I tried many methods, such as configuring his MAC address directly
> > Auth-Type := Accept in authorize, but it didn't seem to work.
>
>   It's impossible.
>
>   And why is someone re-entering passwords?  The system should cache the
> password, and just re-use the cached passwords.
>
>   So he's not "re-entering" the password wrong.  Something or someone is
> actively deleting the cached password, which forces him to re-enter it.
>
>   Why is the cached password being deleted from his system?  Is someone
> deleting the WiFi configuration?  If so, why?
>
>   Alan DeKok.
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>


-- 
——
敬启
史道轩

More information about the Freeradius-Users mailing list