Thanks a lot Ivan. Could you please correct me if the following are valid. 1. For determining session expiry, i can see the Reply-Message for session timeout from rlm_expiration module. But for determining locked users, i think rlm_unix doesnt pass RLM_MODULE_USERLOCK as part of Reply-Message. 2. For determining if user named xyz has typed wrong passwd and his privilage level, , i will keep /etc/raddb/users entry as xyz Auth-Type := Reject , User-password =~ "*" Reply-Message = "Invalid passwd for xyz(level 2)." I can parse Reply-Message to determine the privilage. Is this the right way to determine the user privilage? 3. For determining if the user is a valid radius user, i will keep this entry at the end in the /etc/raddb/users : DEFAULT Auth-Type := Reject Reply-Message = "Invalid user" Thanks and Regards, Pavan 2008/9/15 <tnt@kalik.net>:
Reply-Message attribute.
Ivan Kalik Kalik Informatika ISP
Dana 15/9/2008, "Sudarshan Soma" <sudarshan12s@gmail.com> piše:
Hi All, Is there anyway if the radius client can determine, if the user authentication failed due to user locked/user-not-existing.
I think the RADIUS doesnt have a field in the response codes to indicate this information. This might be correct in the sense intruder doesnt know the actual reason for authentication failure.
I just wanted to clarify that the information such as locked-state/passwdexpired,... cant be obtained through radius client.
Thanks and Best Regards, - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html