[Help] Is that possible to change the reject message that appears at the Windows Pop Up
Jouni Malinen
jkmalinen at gmail.com
Thu Mar 21 18:26:33 CET 2013
On Mon, Mar 18, 2013 at 8:42 PM, Arran Cudbard-Bell
<a.cudbardb at freeradius.org> wrote:
> The old HP switches used to convert the Reply-Message into an EAP-Notification and send it after the EAP-Success or EAP-Failure.
This is not compliant with the EAP specification (EAP-Notification
needs to be sent prior to completion of an EAP authentication method).
Sending it after EAP-Success or EAP-Failure would look like an attempt
to initiate another authentication exchange.
> It may be possible to send it before the EAP-Success/EAP-Failure message for some EAP methods, but chances are not all supplicants will like it, and most probably won't display anything.
EAP-Notification is not really supported in general and even the
specification does not really require displaying anything from this
message to the user.. There is also no way of authenticating this
information, so this would not be ideal for authorization failures.
- Jouni
More information about the Freeradius-Users
mailing list