Hi

        I have a seemingly simple thing I need to do, however it doesn’t seem to be working. In the users file I do a quick match to see if a user is in the regex list I put in (this is for overrides of an ldap group, determining higher privileges, but still basic access for the group users), and then another regex checking against a certain ip range :

DEFAULT User-Name =~ "frankdsa|everdstons|kirddksa|kefls", NAS-IP-Address=~"192.168.104.*"

        Reply-Message += "Welcome %{User-Name}\n",

        Reply-Message += "Admin access",

        Cisco-AVPair := "shell:priv-lvl=15"

This adds a couple of reply messages when the user logs in. Of course the users file is pre-auth so it doesn’t care if the ultimate request gets rejected or not based on authorization or some other check. Therefore I’ve added this to the post-auth-type reject section of the default virtual server:

Post-Auth-Type REJECT {

                update reply {

                Reply-Message := "Authentication failed}"

                }

It may be wiser to return nothing, i.e. Reply-Message := “” for security reasons, but the point is that the reply-messages set in the users file still pass through, so I get

Welcome (username)

Admin Access

Authentication Failed

All together. Am I doing something wrong? I also tried Reply-Message !* , but this stopped the service firing up ( version 2.10 I see this was talked about being fixed in 2.8?), or

Reply-Message -= “%{reply:Reply-Message}”

Which didn’t work either.

Any ideas?

Thanks

Andy