Hi,

On Tue, 9 Jun 2015, Heikki Vatiainen wrote:

> On 9.6.2015 15.18, Christian Kratzer wrote:
>
>> yes that would help separate the cases but I would still need to solve
>> the non eap case, i.e. how to ignore SQLauthorize while SQLauthenticate
>> is challenging the client. Would something like this work for plain
>> MSCHAPv2?
>>
>> ContinueUntilChallenge
>> AuthBy SQLauthenticate
>> AuthBy SQLauthorize ( uses NoEAP and NoCheckPassword )
>
> Hmm, going back to your earlier message, I'd say 'AuthByPolicy
> ContinueWhileAccept' should be good for both EAP and non-EAP case.
>
> With plain (non-EAP) MSCHAPv2, there is no need to challenge the client.
> When EAP authentication is done, it does use challenge, but non-EAP does
> not. Radiator can immediately respond with accept or reject.
>
> If the client does not want to continue in the non-EAP case, then it may
> not like the response Radiator sends. This could happen when, for
> example, the response Radiator calculates is incorrect.
>
> If you switch to EAP-TTLS/PAP for testing, it should work similarly with
> one request and immediate accept/reject from Radiator.

Good tip. It seems that some attributes added by SQLauthorize are interfering. We added an AllowInReplay clause to the handler for non eap cases and it seems to be working as planned. Still testing though.

Greetings
Christian

-- 
Christian Kratzer                   CK Software GmbH
Email:   c...@cksoft.de             Wildberger Weg 24/2
Phone:   +49 7032 893 997 - 0       D-71126 Gaeufelden
Fax:     +49 7032 893 997 - 9       HRB 245288, Amtsgericht Stuttgart
Mobile:  +49 171 1947 843           Managing Director: Christian Kratzer
Web:     http://www.cksoft.de/