NLTM_AUTH (PAP) and MS-CHAP2 together?

Alan DeKok aland at deployingradius.com
Sun Jan 4 22:31:09 CET 2009


Mike Diggins wrote:
> How do I stop it from sending the same Reply message when the user
> enters a incorrect password. Right now the Reject responds like this:
> 
> Sending Access-Reject of id 22 to 192.168.2.2 port 1025
>         Reply-Message = "Group=NetWorkers"

  Use attr_filter to delete it.

  Or, update the rules to add the Reply-Message in the "post-auth" section.

> Also, my client (a cisco ASA5500 VPN Server) has an authorization check
> box. When I check it, it sends a Radius request with the username and
> password both filled in with the username. FreeRadius seems to treat it
> as another authentication request. What is its purpose?

  <shrug>  Ask Cisco.

  Alan DeKok.



More information about the Freeradius-Users mailing list