On 18.03.2013 16:48, Danny Kurniawan wrote: > Hi All, > > So i have been able to authenticate my wireless user using 802.1x + LDAP > + MAC address (using CallingStationID attriubute). So now for example > when user A have MAC 11:22:33 but tried to login using another device > there will be a pop up window when they try to connect - just a plain > error popup saying "Unable to connect". Is there any way we can > customize this error from radius? or should be from the wireless AP? > > So below is the unlang code that i use to check whether the user have a > set of MAC address in their ldap profile or not > if(!control:Calling-Station-Id){ > reject > } > > Possible to have that reject command to return some code that Windows > client can understand like "No MAC address" etc? > > Thanks in advance > Danny
you could send back a reply-message. But it is forbidden if you are doing EAP. And anyway, Micro$oft is not paying attention to it and will disregard it. so no, you can't send a message to the user. Olivier -- Olivier Beytrison Network & Security Engineer, HES-SO Fribourg Mail: oliv...@heliosnet.org - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html