On 14/08/2009 07:51, Alan DeKok wrote:
Michael Bryant wrote:
unlang? set a variable to the value of MS-CHAP-Error and then set the
Reply-Message
to be some text with that variable in it.
Unfortunately, this sends it back in the next packet, which is an
Access-Challenge, not in the final Access-Reject.
Sending Reply-Message in an Access-Reject is not permitted for EAP
sessions. It is also not supported by any NAS.
Sending a Reply-Message is not permitted in any packet where an EAP-Message
attribute is included.
What you want to do is impossible. Even if you get FreeRADIUS to send
a Reply-Message, it will get ignored by the NAS and the client PC. As a
result, the message will do *nothing* useful.
Depends on the NAS. But yeah, doing this breaks things. The best thing you can
do is log the error in the post-auth section.
If you want the users to fix the issues themselves, then it'd be pretty easy to
write a small web app to look through the failure codes and convert them into
something humanly readable.
Arran
--
Arran Cudbard-Bell <a.cudbard-b...@sussex.ac.uk>,
Systems Administrator (AAA),
Infrastructure Services (IT Services),
E1-1-08, Engineering 1, University Of Sussex, Brighton, BN1 9QT
DDI+FAX: +44 1273 873900 | INT: 3900
GPG: 86FF A285 1AA1 EE40 D228 7C2E 71A9 25BB 1E68 54A2
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html