Reply-message stripped from access-reject response
sbcsgjmbbz at snkmail.com
sbcsgjmbbz at snkmail.com
Sat May 14 12:28:30 CEST 2011
Hi,
Using freeradius 1.1.3. Im trying to get freeradius to return a helpful
reply-message in access-rejects to the NAS but the reply-message seems
to get stripped from the access-reject packet. Ive configured the
reply-message as below in /etc/raddb/sites-enabled/default
post-auth {
sql
exec
Post-Auth-Type REJECT {
# Login failed
update reply {
Reply-Message = "Login Failure"
}
sql
attr_filter.access_reject
}
}
Using wireshark on the radius server, I can see the correct
reply-message AVP as below
Radius Protocol
Code: Access-Reject (3)
Packet identifier: 0xda (218)
Length: 35
Authenticator: a6208196777dac6e68b45f647a46bc44
[This is a response to a request in frame 1]
[Time from request: 1.000227000 seconds]
Attribute Value Pairs
AVP: l=15 t=Reply-Message(18): Login Failure
Reply-Message: Login Failure
However, on the receiving NAS, using wireshark, there is no
reply-message AVP!
Radius Protocol
Code: Access-Reject (3)
Packet identifier: 0xda (218)
Length: 20
Authenticator: 30636716e333da33ac25c8253097b608
[This is a response to a request in frame 1]
[Time from request: 1.107899000 seconds]
Any ideas on what I could be doing wrong, It would be much appreciated!
More information about the Freeradius-Users
mailing list