Removing Reply-Message on failed authentication, was Re: NLTM_AUTH(PAP) and MS-CHAP2 together?

tnt at kalik.net tnt at kalik.net
Tue Mar 10 17:39:02 CET 2009


>I'm just getting back to this problem. I'm lost as to how to implement
>either of these solutions. To summarise, I want to either remove, or just
>not send, any Reply-Message when the user fails authentication. Where
>would I put this attr_filter to delete it, and what does the attr_filer
>look like? I imagine this is documented, but I can't find the relevant
>bits.
>
>>  Use attr_filter to delete it.
>>

You don't have to put it - it's already there in Post-Auth-Type REJECT.
Just remove Reply-Message from attrs.access_reject file.

>>  Or, update the rules to add the Reply-Message in the "post-auth" section.

Use unlang in Post-Auth-Type REJECT.

update reply {
     Reply-Message := whatever
}

Ivan Kalik
Kalik Informatika ISP




More information about the Freeradius-Users mailing list