Am 18.01.16 um 08:15 schrieb SinTeZ Wh1te:
Hi,
Have you checked, if Authby Group may satisfy your need?
Ie.
AuthByPolicy ContinueWhileReject
# Alternatively, ContinueUntilAccept could fit better, depending on
your needs
# Primary, which may reject
# Secondary, whi
Hello -
You don’t have to do anything - the second AuthBy RADIUS clause will send the
reply to the NAS.
If you want to do more than that you will also need a ReplyHook in the second
AuthBy RADIUS clause.
regards
Hugh
> On 18 Jan 2016, at 18:15, SinTeZ Wh1te wrote:
>
> Hello Hugh!
>
> >
Hi,
a customer of mine has a WLAN EAP-TLS setup where there is an issue that some
clients don't complete the EAP handshake.
When comparing the traces the issue with the failing clients seems to be
that after receiving the certificate from the radius server the clients
never send their client cert
Hello Christian,
Usually this kind of behaviour is due to MTU problems.
There can be differences between different vendors for example how they
do tunnelling and how it affects to MTUs etc.
Please try to adjust maximum TLS fragment size to see if it helps.
Please see more at page 92
5.21.39 EAPT
Hi Sami,
On Mon, 18 Jan 2016, Sami Keski-Kasari wrote:
> Hello Christian,
>
> Usually this kind of behaviour is due to MTU problems.
> There can be differences between different vendors for example how they
> do tunnelling and how it affects to MTUs etc.
>
> Please try to adjust maximum TLS fragme
Hello Hugh.
Second AuthBy clause not send reply to NAS.
radius.cfg
---
Identifier Primary
Host 10.0.6.151
Secret 123456
AuthPort 1812
AcctPort 1813
ReplyHook file:"/etc/radiator/AccessReject"
Identifier Secondary
Host 10.0.6.152
Secret 123456
AuthPort 1812
AcctPort 1813
AuthBy Primary
