[RADIATOR] Extracting certificates info for EAP PEAP,TTLS,TLS
Hartmaier Alexander
alexander.hartmaier at t-systems.at
Tue Feb 24 06:38:13 CST 2015
What we've seen is that if a Windows client does EAP authentication,
regardless which one, and it fails it doesn't try to do a DHCP request
even if you reply a radius success and vlan attributes to the switch.
On 2015-02-24 12:12, Christian Kratzer wrote:
> Hi Sami,
>
> We made progress with our setup thanks to your previous tips.
>
> We now have following setup simplyfied a bit:
>
> <Handler TunnelledByPEAP=1>
> Identifier TunnelledByPEAP=1
> AuthByPolicy ContinueWhileAccept
> AuthBy SQLauthenticate
> AuthBy INTERNALextractFunnyStuffFromRequest
> AuthBy SQLauthorize
> </Handler>
>
> <Handler>
> Identifier Outer
> AuthBy FILE
> </Handler>
>
> the issue we are currently chasing is that the customer also wants
> failed authentications to proceed into SQLauthorize so he can possible
> put people into a walled garden with specific reply attributes.
>
> The issue seems to be that when MS-CHAP2 fails in TunneledByPeap it
> seems to kill the EAP session and authentication terminates.
>
> Subsequent packets are not forwarded to the tunneled handler by the
> outer handler.
>
> Do you have a suggestion how to accomplish authorization after failed
> chap authentication.
>
> Terveisin
> Christian
>
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
T-Systems Austria GesmbH Rennweg 97-99, 1030 Wien
Handelsgericht Wien, FN 79340b
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
Notice: This e-mail contains information that is confidential and may be privileged.
If you are not the intended recipient, please notify the sender and then
delete this e-mail immediately.
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
More information about the radiator
mailing list