--- freeradius-1.1.2/src/main/auth.c 2005-10-31 17:59:21.000000000 +0000
+++ freeradius-1.1.2-sim-use-reply/src/main/auth.c 2006-07-07 10:39:18.000000000 +0100
@@ -733,12 +733,25 @@
 }
 if (!mpp_ok){
 if (check_item->lvalue > 1) {
- snprintf(umsg, sizeof(umsg),
- "\r\nYou are already logged in %d times - access denied\r\n\n",
- (int)check_item->lvalue);
- user_msg = umsg;
+ /*
+ * Use a Reply-Message appropriate for reporting single session concurrency
+ */
+ tmp = pairfind(request->reply->vps, PW_SIMULTANEOUS_REPLY_MESSAGE_MULTIPLE);
+ if ( tmp != NULL ){
+ user_msg = strdup((char *)tmp->strvalue);
+ } else {
+ user_msg = mainconfig.simul_reply_message_multiple;
+ }
 } else {
- user_msg = "\r\nYou are already logged in - access denied\r\n\n";
+ /*
+ * Use a Reply-Message appropriate for reporting multiple session concurrency
+ */
+ tmp = pairfind(request->reply->vps, PW_SIMULTANEOUS_REPLY_MESSAGE_ONCE);
+ if ( tmp != NULL ){
+ user_msg = strdup((char *)tmp->strvalue);
+ } else {
+ user_msg = mainconfig.simul_reply_message_once;
+ }
 }
 request->reply->code = PW_AUTHENTICATION_REJECT;
@@ -751,6 +764,20 @@
 tmp = pairmake("Reply-Message", user_msg, T_OP_SET);
 request->reply->vps = tmp;
+ /*
+ * Xlat the Reply-Message.
+ * This is also done for Access-Accepts at line 1000,
+ * perhaps the code should be refactored to avoid
+ * this special case?
+ */
+
+ reply_item = pairfind(request->reply->vps, PW_REPLY_MESSAGE);
+ radius_xlat(buf, sizeof(reply_item->strvalue),
+ (char *)reply_item->strvalue, request, NULL);
+ strNcpy((char *)reply_item->strvalue, buf,
+ sizeof(reply_item->strvalue));
+ reply_item->length = strlen((char *)reply_item->strvalue);
+
 snprintf(logstr, sizeof(logstr), "Multiple logins (max %d) %s", check_item->lvalue, r == 2 ? "[MPP attempt]" : "");
--- freeradius-1.1.2/src/main/mainconfig.c 2006-04-18 18:26:26.000000000 +0100
+++ freeradius-1.1.2-sim-use-reply/src/main/mainconfig.c 2006-07-07 13:35:07.000000000 +0100
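Review bot: In the first auth.c hunk, both new `user_msg = strdup((char *)tmp->strvalue);` lines allocate a copy that nothing visible in this patch frees, and the result is not checked for NULL before it reaches pairmake() in the next hunk. Because user_msg otherwise points at a mainconfig string, a later free() could not tell the two cases apart, so each rejected login that carries an override attribute would leak the copy. The removed lines show a local `umsg` array in scope; copying into it with `snprintf(umsg, sizeof(umsg), "%s", (char *)tmp->strvalue); user_msg = umsg;` avoids the heap entirely, assuming the declaration of umsg is kept. The two new comments are also swapped: the `lvalue > 1` branch is the multiple-session case. The enclosing function starts and ends outside the hunk.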
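Review bot: In the second auth.c hunk, `radius_xlat(buf, sizeof(reply_item->strvalue), ...)` bounds the write into `buf` by the size of a different object. buf is declared outside the hunk, so unless it is at least as large as strvalue the expansion can run past its end; `sizeof(buf)` is the safer bound if buf is an array. reply_item is also dereferenced unchecked: if the pairmake() call two lines earlier returned NULL, reply->vps is NULL and pairfind() presumably returns NULL too, which would crash the server on the reject path. Since `tmp` already is the new Reply-Message pair, the lookup can be dropped and the block wrapped in `if (tmp != NULL) { ... }`. The default templates expand the client-supplied User-Name, so this bound is applied to unauthenticated input.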
@@ -138,6 +138,8 @@
 { "nospace_user", PW_TYPE_STRING_PTR, 0, &mainconfig.do_nospace_user, "no" },
 { "nospace_pass", PW_TYPE_STRING_PTR, 0, &mainconfig.do_nospace_pass, "no" },
 { "checkrad", PW_TYPE_STRING_PTR, 0, &mainconfig.checkrad, "${sbindir}/checkrad" },
+ { "simul_reply_message_once", PW_TYPE_STRING_PTR, 0, &mainconfig.simul_reply_message_once, "\r\nDear %{User-Name}, you are already logged in - access denied\r\n\n" },
+ { "simul_reply_message_multiple", PW_TYPE_STRING_PTR, 0, &mainconfig.simul_reply_message_multiple, "\r\nDear %{User-Name}, you are already logged in %{check:Simultaneous-Use} times - access denied\r\n\n" },
 { "proxy_requests", PW_TYPE_BOOLEAN, 0, &mainconfig.proxy_requests, "yes" },
 { "proxy", PW_TYPE_SUBSECTION, 0, proxy_config, NULL },
 { "security", PW_TYPE_SUBSECTION, 0, security_config, NULL },
--- freeradius-1.1.2/share/dictionary.freeradius.internal 2006-03-07 18:10:09.000000000 +0000
+++ freeradius-1.1.2-sim-use-reply/share/dictionary.freeradius.internal 2006-07-05 14:54:07.000000000 +0100
@@ -66,6 +66,8 @@
 ATTRIBUTE User-Category 1029 string
 ATTRIBUTE Group-Name 1030 string
 ATTRIBUTE Huntgroup-Name 1031 string
+ATTRIBUTE Simultaneous-Reply-Message-Once 1032 string
+ATTRIBUTE Simultaneous-Reply-Message-Multiple 1033 string
 ATTRIBUTE Simultaneous-Use 1034 integer
 ATTRIBUTE Strip-User-Name 1035 integer
 ATTRIBUTE Hint 1040 string
--- freeradius-1.1.2/src/include/radius.h 2006-03-07 18:10:08.000000000 +0000
+++ freeradius-1.1.2-sim-use-reply/src/include/radius.h 2006-07-05 14:21:03.000000000 +0100
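Review bot: In the mainconfig.c hunk, the two new built-in defaults differ from the text the server sent before this patch. The strings removed from auth.c had no `Dear %{User-Name},` prefix, so a site that sets nothing gets a different Reply-Message after upgrading, and the unauthenticated User-Name is echoed back in the reject. Keeping the old wording as the compiled-in default, e.g. `"\r\nYou are already logged in - access denied\r\n\n"`, would preserve behaviour and leave the personalised form as an opt-in in radiusd.conf. A short comment above the entries, such as `/* xlat templates, expanded when a simultaneous-use reject is built */`, would tell readers these are not literal strings.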
@@ -143,6 +143,8 @@
 #define PW_USER_CATEGORY 1029
 #define PW_GROUP_NAME 1030
 #define PW_HUNTGROUP_NAME 1031
+#define PW_SIMULTANEOUS_REPLY_MESSAGE_ONCE 1032
+#define PW_SIMULTANEOUS_REPLY_MESSAGE_MULTIPLE 1033
 #define PW_SIMULTANEOUS_USE 1034
 #define PW_STRIP_USER_NAME 1035
 #define PW_HINT 1040
--- freeradius-1.1.2/raddb/radiusd.conf.in 2006-04-20 19:40:29.000000000 +0100
+++ freeradius-1.1.2-sim-use-reply/raddb/radiusd.conf.in 2006-07-07 11:52:46.000000000 +0100
@@ -352,6 +352,18 @@
 nospace_user = no
 nospace_pass = no
+# simul_reply_message_once / simul_reply_message_multiple:
+#
+# The default values to use for the Reply-Message attribute
+# returned if session concurrency is detected. These can be
+# over-ridden with the Simultaneous-Reply-Use-Once and
+# Simultaneous-Reply-Message-Multiple reply attributes.
+#
+# The message to return if only a single session is permitted.
+simul_reply_message_once = "\r\nDear %{User-Name}, you are already logged in - access denied\r\n\n"
+# The message to return is more than one sessions are permitted.
+simul_reply_message_multiple = "\r\nDear %{User-Name}, you are already logged in %{check:Simultaneous-Use} times - access denied\r\n\n"
+
 # The program to execute to do concurrency checks.
 checkrad = ${sbindir}/checkrad
--- freeradius-1.1.2/src/include/radiusd.h 2005-04-12 00:45:21.000000000 +0100
+++ freeradius-1.1.2-sim-use-reply/src/include/radiusd.h 2006-07-05 12:50:57.000000000 +0100
@@ -209,6 +209,8 @@
 char *nospace_time;
 char *log_file;
 char *checkrad;
+ char *simul_reply_message_once;
+ char *simul_reply_message_multiple;
 const char *pid_file;
 const char *uid_name;
 const char *gid_name;
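Review bot: In the radiusd.conf.in hunk, the new comment names the override attribute `Simultaneous-Reply-Use-Once`, but the dictionary and radius.h hunks define `Simultaneous-Reply-Message-Once`. An administrator copying the name from the comment would configure an attribute the dictionary does not know. The line should read `# over-ridden with the Simultaneous-Reply-Message-Once and`. The later comment `# The message to return is more than one sessions are permitted.` should be `# The message to return if more than one session is permitted.`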