[RADIATOR] Extracting certificates info for EAP PEAP,TTLS,TLS

Hartmaier Alexander alexander.hartmaier at t-systems.at
Tue Feb 24 06:38:13 CST 2015


What we've seen is that if a Windows client does EAP authentication,
regardless which one, and it fails it doesn't try to do a DHCP request
even if you reply a radius success and vlan attributes to the switch.

On 2015-02-24 12:12, Christian Kratzer wrote:
> Hi Sami,
>
> We made progress with our setup thanks to your previous tips.
>
> We now have following setup simplyfied a bit:
>
>       <Handler TunnelledByPEAP=1>
>           Identifier TunnelledByPEAP=1
>           AuthByPolicy ContinueWhileAccept
>           AuthBy SQLauthenticate
>           AuthBy INTERNALextractFunnyStuffFromRequest
>           AuthBy SQLauthorize
>       </Handler>
>
>       <Handler>
>           Identifier Outer
>           AuthBy FILE
>       </Handler>
>
> the issue we are currently chasing is that the customer also wants
> failed authentications to proceed into SQLauthorize so he can possible
> put people into a walled garden with specific reply attributes.
>
> The issue seems to be that when MS-CHAP2 fails in TunneledByPeap it
> seems to kill the EAP session and authentication terminates.
>
> Subsequent packets are not forwarded to the tunneled handler by the
> outer handler.
>
> Do you have a suggestion how to accomplish authorization after failed
> chap authentication.
>
> Terveisin
> Christian
>



*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
T-Systems Austria GesmbH Rennweg 97-99, 1030 Wien
Handelsgericht Wien, FN 79340b
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
Notice: This e-mail contains information that is confidential and may be privileged.
If you are not the intended recipient, please notify the sender and then
delete this e-mail immediately.
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*


More information about the radiator mailing list