Removing Reply-Message on failed authentication, was Re: NLTM_AUTH(PAP) and MS-CHAP2 together?
Mike Diggins
mike.diggins at mcmaster.ca
Tue Mar 10 18:43:41 CET 2009
On Tue, 10 Mar 2009, tnt at kalik.net wrote:
>> I'm just getting back to this problem. I'm lost as to how to implement
>> either of these solutions. To summarise, I want to either remove, or just
>> not send, any Reply-Message when the user fails authentication. Where
>> would I put this attr_filter to delete it, and what does the attr_filer
>> look like? I imagine this is documented, but I can't find the relevant
>> bits.
>>
>>> Use attr_filter to delete it.
>>>
>
> You don't have to put it - it's already there in Post-Auth-Type REJECT.
> Just remove Reply-Message from attrs.access_reject file.
>
>>> Or, update the rules to add the Reply-Message in the "post-auth" section.
>
> Use unlang in Post-Auth-Type REJECT.
>
> update reply {
> Reply-Message := whatever
> }
That was easy ;)
Thanks,
-Mike
More information about the Freeradius-Users
mailing list