Removing Reply-Message on failed authentication, was Re: NLTM_AUTH (PAP) and MS-CHAP2 together?

Mike Diggins mike.diggins at mcmaster.ca
Tue Mar 10 15:18:40 CET 2009


On Sun, 4 Jan 2009, Alan DeKok wrote:

> Mike Diggins wrote:
>> How do I stop it from sending the same Reply message when the user
>> enters a incorrect password. Right now the Reject responds like this:
>>
>> Sending Access-Reject of id 22 to 192.168.2.2 port 1025
>>         Reply-Message = "Group=NetWorkers"
>
>  Use attr_filter to delete it.
>
>  Or, update the rules to add the Reply-Message in the "post-auth" section.

I'm just getting back to this problem. I'm lost as to how to implement 
either of these solutions. To summarise, I want to either remove, or just 
not send, any Reply-Message when the user fails authentication. Where 
would I put this attr_filter to delete it, and what does the attr_filer 
look like? I imagine this is documented, but I can't find the relevant 
bits.

-Mike






More information about the Freeradius-Users mailing list