unlang to customize error message
Stefano Zanmarchi
zanmarchi at gmail.com
Wed May 4 15:57:24 CEST 2016
Thank you all, but it's not working.
Setting "send_error = yes" in mods-enabled/eap works fine: win 10 users are
prompted to reenter passwords.
Whereas statically setting Reply-Message in the "Post-Auth-Type Reject"
isn't.
I've tried the following
Reply-Message := "E=691 R=1 C=f37de5ab4ddb5307091b96430c78400c V=3
M=Authentication failed"
(where C=f37de5ab4ddb5307091b96430c78400c is my invention) and win 10 users
are not prompted.
My guess is that "send_error = yes" works fine because of the challenge (
"C=..." ) dinamically set by Freeradius.
Since "send_error = yes" does the magic, is there an unlang-way to
have "send_error"
conditionally set to "yes" or "no", based on a sql query?
Thanks again,
Stefano
On Thu, Apr 28, 2016 at 2:10 PM, Alan DeKok <aland at deployingradius.com>
wrote:
> On Apr 28, 2016, at 6:03 AM, Stefano Zanmarchi <zanmarchi at gmail.com>
> wrote:
> >
> > According to MS-CHAP-V2 standard in case of authentication failure the
> > Failure Packet should contain the following text in the Message
> > field: "E=691 R=... ..." .
> > Freeradius does send "E=691" if send_error is set to yes
> > in mods-enabled/eap, but this may cause (as stated in the comments) some
> > clients not to work.
>
> You can edit the reply in the "Post-Auth-Type Reject" section. Just set
> the attribute to the value you need.
>
> Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
More information about the Freeradius-Users
mailing list