On 05/14/2011 11:28 AM, [email protected] wrote:
Hi,

Using freeradius 1.1.3. I'm trying to get freeradius to return a helpful reply-message in access-rejects to the NAS, but the reply-message seems to get stripped from the access-reject packet. I've configured the reply-message as below in /etc/raddb/sites-enabled/default

    post-auth {
        sql
        exec
        Post-Auth-Type REJECT {
            # Login failed
            update reply {
                Reply-Message = "Login Failure"
            }
            sql
            attr_filter.access_reject
        }
    }

Using wireshark on the radius server, I can see the correct reply-message AVP as below

    Radius Protocol
        Code: Access-Reject (3)
        Packet identifier: 0xda (218)
        Length: 35
        Authenticator: a6208196777dac6e68b45f647a46bc44
        [This is a response to a request in frame 1]
        [Time from request: 1.000227000 seconds]
        Attribute Value Pairs
            AVP: l=15 t=Reply-Message(18): Login Failure
                Reply-Message: Login Failure

However, on the receiving NAS, using wireshark, there is no reply-message AVP!

What is between the radius server and NAS? Something must be, because it's modifying the packet. Do you have an intermediate proxy server?
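
One way to run the comparison suggested in the reply, as an added example that is not part of the original thread: decode the Access-Reject captured at the server and at the NAS, list the AVPs that went missing, and check the Response Authenticator (RFC 2865) on the NAS-side copy. The shared secret, the request authenticator and both packets are constructed sample values shaped like the capture above (code 3, identifier 0xda, length 35).

```python
import hashlib
import struct

REPLY_MESSAGE = 18  # attribute type of Reply-Message (RFC 2865)

def parse_radius(packet):
    """Return (code, identifier, authenticator, [(type, value), ...])."""
    if len(packet) < 20:
        raise ValueError("shorter than the 20-byte RADIUS header")
    code, ident, length = struct.unpack("!BBH", packet[:4])
    if length < 20 or length > len(packet):
        raise ValueError("bad Length field")
    avps, pos = [], 20
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated AVP header")
        a_type, a_len = packet[pos], packet[pos + 1]
        if a_len < 2 or pos + a_len > length:
            raise ValueError("bad AVP length")
        avps.append((a_type, packet[pos + 2:pos + a_len]))
        pos += a_len
    return code, ident, packet[4:20], avps

def build_response(code, ident, request_auth, avps, secret):
    """Build a response carrying a valid Response Authenticator."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in avps)
    head = struct.pack("!BBH", code, ident, 20 + len(body))
    auth = hashlib.md5(head + request_auth + body + secret).digest()
    return head + auth + body

def authenticator_ok(packet, request_auth, secret):
    """MD5(Code+ID+Length+RequestAuth+Attributes+Secret) == Authenticator?"""
    length = struct.unpack("!H", packet[2:4])[0]
    digest = hashlib.md5(packet[:4] + request_auth + packet[20:length] + secret)
    return digest.digest() == packet[4:20]

def dropped_avps(at_server, at_nas):
    """AVPs present in the server-side capture but missing at the NAS."""
    seen = parse_radius(at_nas)[3]
    return [avp for avp in parse_radius(at_server)[3] if avp not in seen]

# Constructed sample data (not taken from the thread's real traffic).
SECRET = b"testing123"
REQ_AUTH = bytes(16)
AT_SERVER = build_response(3, 0xDA, REQ_AUTH,
                           [(REPLY_MESSAGE, b"Login Failure")], SECRET)
AT_NAS = build_response(3, 0xDA, REQ_AUTH, [], SECRET)  # rebuilt without the AVP
```

If the NAS-side packet lacks the attribute yet still passes `authenticator_ok`, it was rebuilt by something that holds the shared secret, which points at a proxy rather than a device that merely cut bytes out in transit.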

