On Nov 9, 2007 2:11 PM, Patric <patrict@bluebottle.com> wrote:
Lee Sing Chyun wrote:
Hi,
Is there a way to reply with a intuitive Reply-Message (for e.g., 'Wrong Password') when the user tries to authenticate with a wrong password?
My current configuration is using rlm_pap and rlm_sql for authorization and authentication. FreeRADIUS version is 1.1.7.
Thanks in advance!
-- Best Regards, SC
Be careful with this, do you REALLY want to tell a possible attacker what they are doing wrong? Also many clients will completely ignore the reply message anyway...
HTH Patric <http://www.freeradius.org/list/users.html>
Hi Patric, Thanks for your timely warning! :-) The reason I wanted to set the Reply-Message with intuitive messages is because I have modified sql.conf to log the Reply-Message into radpostauth table: postauth_query = "INSERT into ${postauth_table} (user, pass, reply, date, reason) values ('%{User-Name}', '%{User-Password:-Chap-Password}', '%{reply:Packet-Type}', NOW(), '%{reply:Reply-Message}')" The above worked fine for these scenarios: - Failed Simultaneous-Use checks : Reply-Message was "You are already logged in - access denied". - Failed Login-Time checks: Reply-Message was "You are calling outside your allowed timespan" - Failed Expiration checks: Reply-Message was "Password Has Expired" But in the scenario of wrong passwords, I notice the Reply-Message was empty. Hence, I'm looking for ways to log down "wrong passwords" reasons into the radpostauth table. -- Best Regards, SC