Sending Reply-Message in Access-Reject (PEAP/MSCHAPv2)

Phil Mayers p.mayers at imperial.ac.uk
Tue May 24 17:11:41 CEST 2011


On 24/05/11 15:23, Martin Goldstone wrote:

> Yes, I have this in both the peap stanza and the ttls stanza.  This
> seems to be fine when access is accepted, for example if I set a
> Reply-Message saying "Welcome" in the post-auth section of the
> inner-tunnel config, I see this in the final access-accept message.
> Also, the output from freeradius -X suggests that (in the case of a user
> rejection) it gets the reply from the tunnel and that tunneled

Ah, damn...

I've just remembered - the PEAP code doesn't save the attributes on 
reject :o(

As you mentioned in your original email, the outer tunnel code doesn't 
have any of the "useful" info so can only set a generic message.



More information about the Freeradius-Users mailing list