Removing Reply-Message on failed authentication, was Re: NLTM_AUTH (PAP) and MS-CHAP2 together?
Mike Diggins
mike.diggins at mcmaster.ca
Tue Mar 10 15:18:40 CET 2009
On Sun, 4 Jan 2009, Alan DeKok wrote:
> Mike Diggins wrote:
>> How do I stop it from sending the same Reply message when the user
>> enters a incorrect password. Right now the Reject responds like this:
>>
>> Sending Access-Reject of id 22 to 192.168.2.2 port 1025
>> Reply-Message = "Group=NetWorkers"
>
> Use attr_filter to delete it.
>
> Or, update the rules to add the Reply-Message in the "post-auth" section.
I'm just getting back to this problem. I'm lost as to how to implement
either of these solutions. To summarise, I want to either remove, or just
not send, any Reply-Message when the user fails authentication. Where
would I put this attr_filter to delete it, and what does the attr_filer
look like? I imagine this is documented, but I can't find the relevant
bits.
-Mike
More information about the Freeradius-Users
mailing list