PEAP / mschapv2 Error Messages
Alan DeKok
aland at deployingradius.com
Fri Aug 14 08:51:01 CEST 2009
Michael Bryant wrote:
>> unlang? set a variable to the value of MS-CHAP-Error and then set the Reply-Message
>> to be some text with that variable in it.
>>
> Unfortunately, this sends it back in the next packet, which is an
> Access-Challenge, not in the final Access-Reject.
Sending Reply-Message in an Access-Reject is not permitted for EAP
sessions. It is also not supported by any NAS.
What you want to do is impossible. Even if you get FreeRADIUS to send
a Reply-Message, it will get ignored by the NAS and the client PC. As a
result, the message will do *nothing* useful.
Alan DeKok.
More information about the Freeradius-Users
mailing list