How to allow wrong passwords in Peap-Mschapv2?
Alan DeKok
aland at deployingradius.com
Thu Jan 23 14:50:55 UTC 2025
On Jan 23, 2025, at 12:02 AM, daoxuan shi <shidaoxuan at gmail.com> wrote:
>
> I have found the method to achieve this goal, and I will provide a few
> examples below:
That surprises me. RFC 2759 is very clear that the Success packet has to be checked by the client;
https://datatracker.ietf.org/doc/html/rfc2759#section-5
The
authenticating peer MUST verify the authenticator response when a
Success packet is received. The method for verifying the
authenticator is described in section 8.8, below. If the
authenticator response is either missing or incorrect, the peer MUST
end the session.
I'll have to try this out. If it works, we'll update the examples and documentation.
Alan DeKok.
More information about the Freeradius-Users
mailing list