Thanks. I will take a look. On Dec 15, 2014, at 10:00 AM, Robert Fisher <[email protected]> wrote:
> You can do this with a PostAuthHook. > > Check out the goodies/hooks.txt file -- The first four examples cover > this, in fact -- the fourth example is specifically removing specific > reply items based on the Client Identifier. > > Robert Fisher > Systems Administrator > Sitestar Internet Services > > On 12/15/2014 9:47 AM, Mueller, Jason C wrote: >> Is there a way to not include radius attributes, when sending a RADIUS >> access-reject? >> >> I have AddToReply attributes in the client stanza. I need to send different >> attributes based on the device type that is being authenticated against, >> which is why the AddToReply config is in the client stanza. >> >> >> Here is a sanitized version of the client stanza: >> <Client 192.168.1.1/32> >> IdenticalClients 192.168.2.1/32 >> Secret areallygoodsecret >> DupInterval 0 >> AddToReply Session-Timeout=0,Juniper-Local-User-Name=some_name >> </Client> >> >> >> However, some devices don’t like getting attributes in an access-reject, >> including Juniper MX’s. >> >> Is there a way to strip out all the defined AddToReply attributes, as well >> as the RADIUS reply-message (attribute 18), when sending an access-reject? >> >> Thanks. >> >> -Jason >> >> _______________________________________________ >> radiator mailing list >> [email protected] >> http://www.open.com.au/mailman/listinfo/radiator > > _______________________________________________ > radiator mailing list > [email protected] > http://www.open.com.au/mailman/listinfo/radiator _______________________________________________ radiator mailing list [email protected] http://www.open.com.au/mailman/listinfo/radiator
