Removing Reply-Message on failed authentication, was Re: NLTM_AUTH(PAP) and MS-CHAP2 together?

Mike Diggins mike.diggins at mcmaster.ca
Tue Mar 10 18:43:41 CET 2009


On Tue, 10 Mar 2009, tnt at kalik.net wrote:

>> I'm just getting back to this problem. I'm lost as to how to implement
>> either of these solutions. To summarise, I want to either remove, or just
>> not send, any Reply-Message when the user fails authentication. Where
>> would I put this attr_filter to delete it, and what does the attr_filer
>> look like? I imagine this is documented, but I can't find the relevant
>> bits.
>>
>>>  Use attr_filter to delete it.
>>>
>
> You don't have to put it - it's already there in Post-Auth-Type REJECT.
> Just remove Reply-Message from attrs.access_reject file.
>
>>>  Or, update the rules to add the Reply-Message in the "post-auth" section.
>
> Use unlang in Post-Auth-Type REJECT.
>
> update reply {
>     Reply-Message := whatever
> }

That was easy ;)

Thanks,

-Mike



More information about the Freeradius-Users mailing list