On 9.6.2015 15.18, Christian Kratzer wrote:
> yes that would help separate the cases but I would still need to solve
> the non eap case, i.e. how to ignore SQLauthorize while SQLauthenticate
> is challenging the client. Would something like this work for plain
> MSCHAPv2 ?
>
> ContinueUntilChallenge
> AuthBy SQLauthenticate
> AuthBy SQLauthorize ( uses NoEAP and NoCheckPassword )

Hmm, going back to your earlier message, I'd say 'AuthByPolicy ContinueWhileAccept' should be good for both the EAP and non-EAP cases.

With plain (non-EAP) MSCHAPv2, there is no need to challenge the client. When EAP authentication is done, it does use a challenge, but non-EAP does not. Radiator can immediately respond with accept or reject.

If the client does not want to continue in the non-EAP case, then it may not like the response Radiator sends. This could happen when, for example, the response Radiator calculates is incorrect.

If you switch to EAP-TTLS/PAP for testing, it should work similarly with one request and immediate accept/reject from Radiator.

Thanks,
Heikki

--
Heikki Vatiainen <[email protected]>

Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
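
The chain behaviour discussed in this thread, as an added example that is not part of the original messages and is not Radiator code: a simplified Python model of an AuthBy chain under the two policies named above. The handler functions, the request fields and the rule that the last AuthBy run supplies the final result are assumptions of this model.

```python
# Simplified model (an assumption, not Radiator source) of how a Handler
# walks its AuthBy chain under an AuthByPolicy.
ACCEPT, REJECT, CHALLENGE, IGNORE = "ACCEPT", "REJECT", "CHALLENGE", "IGNORE"

# Policy name -> predicate deciding whether to go on to the next AuthBy.
POLICIES = {
    "ContinueWhileAccept": lambda r: r == ACCEPT,
    "ContinueUntilChallenge": lambda r: r != CHALLENGE,
}

def run_chain(policy, auth_bys, req):
    """Run each AuthBy in order; return (final result, names that ran)."""
    keep_going = POLICIES[policy]
    result, ran = IGNORE, []
    for name, handler in auth_bys:
        result = handler(req)
        ran.append(name)
        if not keep_going(result):
            break
    return result, ran

def sql_authenticate(req):
    # Constructed stand-in for the clause that checks the password.
    if req["eap"] and not req["final_round"]:
        return CHALLENGE  # EAP needs further round trips
    return ACCEPT if req["password_ok"] else REJECT

def sql_authorize(req):
    # Constructed stand-in for the NoEAP / NoCheckPassword clause: it only
    # looks up authorization data and never checks credentials.
    return ACCEPT if req["authorized"] else REJECT

CHAIN = [("SQLauthenticate", sql_authenticate),
         ("SQLauthorize", sql_authorize)]

def request(eap, final_round=True, password_ok=True, authorized=True):
    # Constructed sample request, not a real RADIUS packet.
    return dict(eap=eap, final_round=final_round,
                password_ok=password_ok, authorized=authorized)

if __name__ == "__main__":
    for policy in POLICIES:
        print(policy, run_chain(policy, CHAIN, request(eap=False, password_ok=False)))
```

In this model, ContinueWhileAccept never reaches SQLauthorize during an EAP challenge round or after a failed password, whereas ContinueUntilChallenge lets a non-EAP request with a wrong password fall through to the clause that skips the password check.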