Access Reject Conditional Attributes
A.L.M.Buxey at lboro.ac.uk
A.L.M.Buxey at lboro.ac.uk
Wed Apr 23 14:57:29 CEST 2014
Hi,
> I need a suggestion on how can I send extra information in Access Reject,
> In my scenario, user will provide credentials and those credentials will
> be checked from database(I have already achieved this functionality)
> I want to differentiate between two scenarios, one is where user provide
> incorrect credentials and second is where user does not have resources in
> their account. In second scenario I want to send an extra attribute in
> Access Reject, so that proper error message will be displayed to user.
> Suggestions will be highly appreciated. Thanks
what are your clients? if using eg wireless/802.1X, there is nothing in the supplicant
to deliver the message to the end user - you can dump all you want in Access-Reject
(eg Reply-Message -so long as there is no EAP-Message and you are following the RFCs etc -
but otherwise no). Incorrect password/credentials is possible with later FreeRADIUS -
eg 2.1.x/2.2.x or 3.0.x using the mschap error reply string - that will get to most
supplicants
alan
More information about the Freeradius-Users
mailing list