Is there a way to not include radius attributes, when sending a RADIUS
access-reject?
I have AddToReply attributes in the client stanza. I need to send different
attributes based on the device type that is being authenticated against, which
is why the AddToReply config is in the client stanza.
Here is a sanitized version of the client stanza:
<Client 192.168.1.1/32>
IdenticalClients 192.168.2.1/32
Secret areallygoodsecret
DupInterval 0
AddToReply Session-Timeout=0,Juniper-Local-User-Name=some_name
</Client>
However, some devices don’t like getting attributes in an access-reject,
including Juniper MX’s.
Is there a way to strip out all the defined AddToReply attributes, as well as
the RADIUS reply-message (attribute 18), when sending an access-reject?
Thanks.
-Jason
_______________________________________________
radiator mailing list
[email protected]
http://www.open.com.au/mailman/listinfo/radiator
