Re: Accepting all users in PEAP

2005-08-05 Thread Alan DeKok
Pedro Ribeiro <[EMAIL PROTECTED]> wrote:
>   I'm trying to make life easier for users that don't configure
>   well the access to our wireless network or are using the wrong
>   credentials.
> 
>   My idea was to always accept them, but force them to some special
>   network (Vlan) that for every web access redirects them to a page
>   explaining the problem (yes I know Reply-Message is meant to this,
>   but unfortunately Windows doesn't show the message to users ...)

  PEAP uses MS-CHAPv2 in the inner tunneled session, which means that
the RADIUS server needs the users password to finish the
authentication session.  Without the password, the session will not
finish, and the client will not think it's authenticated.

>   Does anyone have a similar setup that could give-me some tips
>   (example configuration) ?

  It's pretty much impossible.

  Alan DeKok.

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


Accepting all users in PEAP

2005-08-05 Thread Pedro Ribeiro
Hello freeradius-users,

  I'm trying to make life easier for users that don't configure
  well the access to our wireless network or are using the wrong
  credentials.

  My idea was to always accept them, but force them to some special
  network (Vlan) that for every web access redirects them to a page
  explaining the problem (yes I know Reply-Message is meant to this,
  but unfortunately Windows doesn't show the message to users ...)

  I've made some tests to this without success ...

  Does anyone have a similar setup that could give-me some tips
  (example configuration) ?
  
  Thanks!

  Note: Our Wireless Network is based in Cisco AP1230G APs with
  FreeRADIUS doing the AAA and getting the users credentials from a
  MySQL Backend.
  Authentication EAP/PEAP/MSCHAPv2 or EAP/TTLS/PAP
  For curious people here goes the URL for some extra information:
  http://www.net.ipl.pt/index.php?id=19 ( in Portuguese )
  
-- 
Best regards,
 Pedro  mailto:[EMAIL PROTECTED]

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html