Recording Module-Failure-Message when using PEAP

Adam Bishop Adam.Bishop at
Thu May 29 15:02:24 CEST 2014

I’m attempting to store the module-failure-message in the authenticate section:

authenticate {
       Auth-Type MS-CHAP {
               mschap {
                       reject = 1
                       ok = 1

               if (!ok) {
                       if (Module-Failure-Message) {
                              update reply {
                                      Reply-Message += "%{Module-Failure-Message}"


(I’ve also tried stashing the attribute in the control list, and also a few different attributes).

However, once the post auth section is invoked, the attributes are no longer present.

It seems the extra Access-Challenge -> Access Request before the reject is sent when using PEAP is wiping the state clean(?), so I’m unsure how to persist attributes so they can be logged in post auth.

Is this unintentional behaviour, or is my config wrong?

Also, there seems to be some memory corruption loading the "server" block in the debug output: "server { # from file p.�{�".


Adam Bishop

 gpg: 0x6609D460

Janet, the UK's research and education network.

Janet(UK) is a trading name of Jisc Collections and Janet Limited, a 
not-for-profit company which is registered in England under No. 2881024 
and whose Registered Office is at Lumen House, Library Avenue,
Harwell Oxford, Didcot, Oxfordshire. OX11 0SG. VAT No. 614944238

-------------- next part --------------
A non-text attachment was scrubbed...
Name: radiusd -c.txt.gz
Type: application/x-gzip
Size: 2709 bytes
Desc: radiusd -c.txt.gz
URL: <>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: raddebug.txt.gz
Type: application/x-gzip
Size: 11119 bytes
Desc: raddebug.txt.gz
URL: <>

More information about the Freeradius-Users mailing list