How to retain Module-Failure-Message from inner-tunnel when using PEAP
Peter Steadman
psteadman at warwickshire.ac.uk
Thu Jan 3 15:36:49 CET 2019
Hello
I am struggling to extract the inner-tunnel reject message to linelog and
should be grateful for some help please.
Instead of getting;
Module-Failure-Message := "Rejected: User-Name contains whitespace"
the cached message it is being replaced in the final eap exchange by;
The users session was previously rejected: returning reject (again.)
I did find this post;
http://lists.freeradius.org/pipermail/freeradius-users/2014-December/074957.html
which is exactly my issue helpfully with a solution, but unfortunately I
seem to be struggling to apply the solution.
- in inner-tunnel, post-auth-type Reject, do:
update outer.session-state {
Module-Failure-Message := &request:Module-Failure-Message
}
This seems to work ok but when I try applying the second part;
And then in the “default” virtual server, post-auth section, you can use:
%{%{session-state:Module-Failure-Message}:-%{Module-Failure-Message}}
I just get the error "Missing attribute value" when trying to start the
server which leads me to suspect that I am not putting this in right place
or formatting it incorrectly.
Could someone please give me an example of this
"%{%{session-state:Module-Failure-Message}:-%{Module-Failure-Message}}"
in the context of the post-auth section.
many thanks
Pete
--
<https://twitter.com/warwickshirecol>
<https://www.facebook.com/WarwickshireCollege>
<https://www.linkedin.com/edu/warwickshire-college-group-355076>
<https://www.instagram.com/warwickshirecol/>
College Email
Disclaimer
This message and any files transmitted with it is intended for
the addressee only and may contain information that is confidential or
privileged.
Unauthorised use is strictly prohibited and may be unlawful.
If you are not the addressee, you should not read, copy, disclose or
otherwise use this message, otherwise than to notify the College via
postmaster at warkscol.ac.uk <mailto:postmaster at warkscol.ac.uk>. You should
delete this message and any files transmitted with it from your computer
and destroy any copies made.
Warwickshire College gives no warranty or
representation as to the accuracy or reliability of the message and files
and does not necessarily endorse any opinions expressed within it.
More information about the Freeradius-Users
mailing list