802.1X - ldap AND users file
Alan DeKok
alan.dekok at inkbridge.io
Wed Apr 1 16:20:14 UTC 2026
On Apr 1, 2026, at 11:22 AM, cedric Delaunay <cedric.delaunay at insa-rennes.fr> wrote:
> I'd like to find how to force "accept" for a special user, based on "mods-config/files/authorize" file
> - user is logged-in on device so that is real username is kown only by inner-tunnel
> - user isn't known by ldap (that's why I try with "users" file)
> - user's password may change so that I don't want to check it
This allegedly works. It was posted to the list a while back. I haven't had a chance to test it in detail, or figure out exactly what Windows is doing with it.
authorize {
...
update {
&control:SMB-Account-CTRL-TEXT := '[N]'
&reply:MS-CHAP2-Success = 'password-free'
}
..
That allegedly works for MS-CHAP authentication. I've tried it with PEAP, and got nowhere.
Alan DeKok.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: Message signed with OpenPGP
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20260401/2cd7af23/attachment.sig>
More information about the Freeradius-Users
mailing list