Uh... Guess you are right... I thought it was something easy but looks like it's not! I will let the hotel know that there is nothing we can do. I guess the hotel will give up after I tell them that I have consulted with the programmer lol. BTW this Freeradius is awesome program. Very flexible and I like it a lot! Your support is also very much appreciated! Thanks a lot
Guest-tek, Difan Zhao [email protected] www.guest-tek.com Office: 403-509-1010 ext 3048 Cell: 403-689-7514 -----Original Message----- From: freeradius-users-bounces+difan.zhao=guest-tek....@lists.freeradius.org [mailto:[email protected] us.org] On Behalf Of Alan DeKok Sent: Tuesday, March 30, 2010 5:47 PM To: FreeRadius users mailing list Subject: Re: Question: How do I forcibly accept all rest requests?? Difan Zhao wrote: > However if you can fool the NAS to let it believe that the device is > authenticated, will the switch also send an EAP success message to the > laptop to fool him as well? No. Even if it does, the laptop will ignore it. There is no substitute for running the authentication protocol correctly. > If the laptop is configured to use PEAP and to validate certificate, > then you are right, there is nothing we can do. > > If the laptop is configured not to validate the certificate, then when > the Server (freeradiusd) sends a challenge in the TLS tunnel and > received a hashed reply, can it be configured to simply send a "success" > back anyway? That's not the way PEAP works. So no, it's impossible. > If the laptop is configured to use MD5, then I think it's even easier to > make this happen...? It's still impossible. > I apologize if I got any EAP/Radius theory totally wrong... > > The company I work for serves hotels. They want their staff to be put in > right VLAN for admin management purpose while guests put in guest VLAN. > Now my setup is pissing some guests off because they don't like to see > "failed" on their laptops. It's kind of important... I will really > appreciate if you can come up with a solution for it... <shrug> That's the way networks work. And you expect me to come up with a solution (for free) that you're charging for? Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
