Sending Reply-Message in Access-Reject (PEAP/MSCHAPv2)

[Martin Goldstone]

Hello,

Just looking for a bit of advice here.  I've been setting up freeradius
here recently, and whilst I'm mostly finished, there are a few points
that still need to be addressed.  The main one is sending a (semi)
meaningful reply message when a user is rejected.  Unfortunately, I'm
having trouble figuring out how to return a Reply-Message from with in
the inner tunnel.  Well, to be more specific, returning that
Reply-Message within the final Access-Reject.

So far, I've figured that I can update outer.reply within the inner
tunnel, but this gets sent out in an Access-Challenge follows the
initial failure, but not subsequently.  I've tried to put the update
clause within Post-Auth-Type REJECT {}, both in the inner tunnel and
outside as well, with no sucess (the inner one appears never to be
called), the outer one has no knowledge of what was set in the inner
one, so I could set an arbitrary message such as "failed", but I was
hoping to be a little more helpful than that.

Any pointers as to where to look/what to do, or even if this is
possible, would be appreciated.

Thanks in advance,

Martin
-- 

Martin Goldstone            Keele University, Keele,
IT Systems Administrator    Staffordshire, United Kingdom, ST5 5BG
Finance & IT                Telephone: +44 1782 734457
-------------- next part --------------
A non-text attachment was scrubbed...
Name: m_j_goldstone.vcf
Type: text/x-vcard
Size: 297 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20110524/f967af34/attachment.vcf>