On 05/06/13 15:23, PENZ Robert wrote:
Hi!
I need to send devices with expired or revoked certificates to a
remediation vlan, but my reject vlan is for guest access. Both checks
happen at the end of the EAP process where the switch expects a
reject or accept packet. I need now to change the reject for the
expired to a accept. Setting the vlan for the switch is no problem I
do that already, I just need an accept. ;-)
Yes, you've said that multiple times.
I hope it's clear what I want/need. ;-)
I don't understand why you're having trouble with this.
The clients are being rejected by the "verify" script. Your debug showed
this.
Change the script so that they're not rejected.
Then, elsewhere, set a VLAN on expired/revoked certificates.
I repeat, for the final time - you CANNOT CHANGE A REJECT TO AN ACCEPT
IN EAP.
I'm not going to respond again.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
