What we've seen is that if a Windows client does EAP authentication, regardless which one, and it fails it doesn't try to do a DHCP request even if you reply a radius success and vlan attributes to the switch.
On 2015-02-24 12:12, Christian Kratzer wrote: > Hi Sami, > > We made progress with our setup thanks to your previous tips. > > We now have following setup simplyfied a bit: > > <Handler TunnelledByPEAP=1> > Identifier TunnelledByPEAP=1 > AuthByPolicy ContinueWhileAccept > AuthBy SQLauthenticate > AuthBy INTERNALextractFunnyStuffFromRequest > AuthBy SQLauthorize > </Handler> > > <Handler> > Identifier Outer > AuthBy FILE > </Handler> > > the issue we are currently chasing is that the customer also wants > failed authentications to proceed into SQLauthorize so he can possible > put people into a walled garden with specific reply attributes. > > The issue seems to be that when MS-CHAP2 fails in TunneledByPeap it > seems to kill the EAP session and authentication terminates. > > Subsequent packets are not forwarded to the tunneled handler by the > outer handler. > > Do you have a suggestion how to accomplish authorization after failed > chap authentication. > > Terveisin > Christian > *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"* T-Systems Austria GesmbH Rennweg 97-99, 1030 Wien Handelsgericht Wien, FN 79340b *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"* Notice: This e-mail contains information that is confidential and may be privileged. If you are not the intended recipient, please notify the sender and then delete this e-mail immediately. *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"* _______________________________________________ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator