module-failure-message in exec module

Phil Mayers p.mayers at
Fri Jun 7 15:38:42 CEST 2013

On 07/06/13 14:05, stefan.paetow at wrote:
> Andy,
> You may want to try and set it in inner-tunnel's post-auth section:
> if (Module-Failure-Message) {
> 	update outer.reply  {
> 		Module-Failure-Message := "%{Module-Failure-Message}"
> 	}
> }
> That way the response is copied to the outer reply.

Doesn't work. Inner tunnel reject is turned into outer tunnel 
access-challenge for PEAP, so post-auth isn't run, and by the time 
post-auth does run, the attribute is forgotten.

Better to just upgrade to 2.2.x with the inner-tunnel post-auth patch 

More information about the Freeradius-Users mailing list