Good afternoon guys!
I am running version 2.1.6. The server is currently doing 802.1x authentication
for network devices. Some devices are PCs and users use their Windows domain
user/password to login. The rest are special network equipments and I use "MAC
address authentication bypass" to authenticate them.
Now I have a dilemma that I need to make all other devices (guest devices from
out of my company) to be authenticated as well...
Currently if these devices (usually laptop running Windows XP) support 802.1x,
they will fail and they will be put in an Auth-failed VLAN. The VLAN itself is
fine and they can do whatever they want on this VLAN. However it's just that
annoying icon on their laptops. It pops up from time to time to notify users
that they failed authentication and even prompted for username and password if
configured to do so...
So I want to make all rest devices to be authenticated. It will be even better
if I can assign them to a specific VLAN. I was reading
./sites-avaliable/default and I found that "forcibly accept the user (Auth-Type
:= Accept)". Where do I put it? I tried:
post-auth {
Post-Auth-Type REJECT {
# attr_filter.access_reject
Auth-Type := Accept
}
}
And obviously it's not working... Any ideas how I should configure it? Thank
you!
Difan Zhao
Network Engineer
[email protected]
www.guest-tek.com
Office: 403-509-1010 ext 3048
Cell: 403-689-7514
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
