Multiple Reply-Message's in Access-Challenge
Herwin Weststrate
herwin at quarantainenet.nl
Wed Sep 23 16:29:04 CEST 2015
On 23-09-15 16:24, Richard Levenberg wrote:
> According to the RFC, http://freeradius.org/rfc/rfc2865.html#Reply-Message
> ...
> Multiple Reply-Message's MAY be included and if any are displayed,
> they MUST be displayed in the same order as they appear in the
> packet
> ...
>
> In the logs I can see that two Reply-Messages are showing up as expected
> having added them from my custom module. However the VPN clients I have
> tried only display the first. I have set up VPN Client -> ASA 5505 ->
> FreeRADIUS -> my_module working and the code I'm using for adding the
> reply-message is:
>
> pairmake_reply("Reply-Message", buffer, T_OP_SET);
> where buffer is a char *.
>
> Are there no clients which adhere to the spec or am I adding the
> Reply-Message attributes incorrectly?

You could always inspect the traffic to see if the packets include
multiple reply-message attributes.

But in this case, you're doing it wrong. T_OP_SET equals the operator
":=", which will override an existing value. You're probably looking for
T_OP_ADD ("+=").

--
Herwin Weststrate
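
Following the suggestion above to inspect the traffic, this added example (not part of the original message and not FreeRADIUS code) walks the attribute list of a RADIUS packet as laid out in RFC 2865 and returns every Reply-Message (type 18) in packet order. The packet bytes, the function name `reply_messages` and the constants are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define RADIUS_HDR_LEN 20   /* code, id, length (2), authenticator (16) */
#define ATTR_REPLY_MSG 18   /* Reply-Message attribute type, RFC 2865 */
#define MAX_MSGS       8    /* illustrative cap; extra messages are skipped */

/* Constructed sample: Access-Challenge (code 11), id 1, zeroed authenticator,
 * carrying two Reply-Message attributes, "first" then "second". */
static const uint8_t sample_pkt[] = {
    11, 1, 0, 35,
    0,0,0,0, 0,0,0,0, 0,0,0,0, 0,0,0,0,
    18, 7, 'f','i','r','s','t',
    18, 8, 's','e','c','o','n','d',
};

/* Copy each Reply-Message, in packet order, into msgs[].
 * Returns the number copied, or -1 if the packet is malformed. */
int reply_messages(const uint8_t *pkt, size_t cap, char msgs[][254], int max)
{
    if (cap < RADIUS_HDR_LEN) return -1;
    size_t total = ((size_t)pkt[2] << 8) | pkt[3];
    if (total < RADIUS_HDR_LEN || total > cap) return -1;

    int found = 0;
    size_t off = RADIUS_HDR_LEN;
    while (off < total) {
        if (total - off < 2) return -1;              /* truncated attribute header */
        uint8_t type = pkt[off], alen = pkt[off + 1];
        if (alen < 2 || (size_t)alen > total - off) return -1;  /* bad length */
        if (type == ATTR_REPLY_MSG && found < max) {
            memcpy(msgs[found], pkt + off + 2, alen - 2);
            msgs[found][alen - 2] = '\0';
            found++;
        }
        off += alen;
    }
    return found;
}

int main(void)
{
    char msgs[MAX_MSGS][254];
    int n = reply_messages(sample_pkt, sizeof sample_pkt, msgs, MAX_MSGS);
    printf("Reply-Message attributes: %d\n", n);
    for (int i = 0; i < n; i++) printf("  [%d] %s\n", i, msgs[i]);
    return n < 0;
}
```

A count of one on a captured Access-Challenge means the second attribute never left the server; a count of two means the client is dropping it.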