Lorel hardy wrote:

Maybe I've found a solution, but I don't know how to do it...
It would run without an AD server if freeradius replies with an EAP-Accept when a special string (like "domain/*") is sent in EAP-Access, without asking any more? So could I make it efficient, and how?
What do you think about this idea?



It won't work. PEAP's inner authentication (MSCHAPv2) relies on a cryptographically correct success response from the server to the client in order to complete. Just sending an EAP-Success packet without having the correct signature in the MSCHAPv2 response will cause any correctly-written client to shut down the conversation and refuse to connect.

--Mike
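
The client-side check described in the reply above, as an added example that is not part of the original thread or of FreeRADIUS: it follows the authenticator response calculation in RFC 2759 (sections 8.2, 8.7 and 8.8) and uses that RFC's section 9.2 test vector as input. The all-zero hash used for the server without a credential store is a constructed value, and `demo` and `client_accepts` are names chosen for this example.

```python
import hashlib
import hmac

# Constants from RFC 2759 section 8.7 (GenerateAuthenticatorResponse).
MAGIC1 = b"Magic server to client signing constant"
MAGIC2 = b"Pad to make it do more than one iteration"

def challenge_hash(peer_challenge, auth_challenge, username):
    """RFC 2759 8.2: first 8 octets of SHA1(peer || authenticator || username)."""
    return hashlib.sha1(peer_challenge + auth_challenge + username).digest()[:8]

def authenticator_response(pw_hash_hash, nt_response, peer_challenge,
                           auth_challenge, username):
    """RFC 2759 8.7: the "S=..." string the server sends with its success."""
    digest = hashlib.sha1(pw_hash_hash + nt_response + MAGIC1).digest()
    challenge = challenge_hash(peer_challenge, auth_challenge, username)
    return "S=" + hashlib.sha1(digest + challenge + MAGIC2).hexdigest().upper()

def client_accepts(received, pw_hash_hash, nt_response, peer_challenge,
                   auth_challenge, username):
    """RFC 2759 8.8: the client recomputes the value from its own password."""
    expected = authenticator_response(pw_hash_hash, nt_response,
                                      peer_challenge, auth_challenge, username)
    return hmac.compare_digest(expected.encode(), received.encode())

# Inputs: RFC 2759 section 9.2 test vector (user "User", password "clientPass").
USERNAME = b"User"
AUTH_CHALLENGE = bytes.fromhex("5B5D7C7D7B3F2F3E3C2C602132262628")
PEER_CHALLENGE = bytes.fromhex("21402324255E262A28295F2B3A337C7E")
NT_RESPONSE = bytes.fromhex("82309ECD8D708B5EA08FAA3981CD83544233114A3D85D6DF")
PW_HASH_HASH = bytes.fromhex("41C00C584BD2D91C4017A2A12FA59F3F")  # MD4(MD4(password))

def demo():
    session = (NT_RESPONSE, PEER_CHALLENGE, AUTH_CHALLENGE, USERNAME)
    # Server that holds the user's password hash: produces the value the client expects.
    genuine = authenticator_response(PW_HASH_HASH, *session)
    # Server with no credential store: it has no hash to use (constructed: all zeros).
    blind = authenticator_response(bytes(16), *session)
    return {
        "genuine": client_accepts(genuine, PW_HASH_HASH, *session),
        "blind": client_accepts(blind, PW_HASH_HASH, *session),
        # Success sent with no authenticator response at all.
        "bare_success": client_accepts("", PW_HASH_HASH, *session),
    }

if __name__ == "__main__":
    print(demo())
```

Only the server that knows the hash of the user's password passes the check; the other two cases are the ones a correctly written client rejects.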
