How to retain Module-Failure-Message from inner-tunnel when using PEAP

Alan Buxey alan.buxey at gmail.com
Thu Jan 3 16:04:13 CET 2019


hi,

what version is your server?  often you will get or read suggestions that
would be for the later version...or sometimes hideously old advice that
only worked on a v2.x box! ;-)

alan

On Thu, 3 Jan 2019 at 14:37, Peter Steadman <psteadman at warwickshire.ac.uk>
wrote:

> Hello
> I am struggling to extract the inner-tunnel reject message to linelog and
> should be grateful for some help please.
> Instead of getting;
>
>   Module-Failure-Message := "Rejected: User-Name contains whitespace"
>
> the cached message it is being replaced in the final eap exchange by;
>
>  The users session was previously rejected: returning reject (again.)
>
> I did find this post;
>
> http://lists.freeradius.org/pipermail/freeradius-users/2014-December/074957.html
>  which is exactly my issue helpfully with a solution, but unfortunately I
> seem to be struggling to apply the solution.
>
>  - in inner-tunnel, post-auth-type Reject, do:
>
> update outer.session-state {
> Module-Failure-Message := &request:Module-Failure-Message
> }
>
>
> This seems to work ok but when I try applying the second part;
>
>   And then in the “default” virtual server, post-auth section, you can use:
>
> %{%{session-state:Module-Failure-Message}:-%{Module-Failure-Message}}
>
> I just get the error "Missing attribute value" when trying to start the
> server which leads me to suspect that I am not putting this in right place
> or formatting it incorrectly.
> Could someone please give me an example of this
> "%{%{session-state:Module-Failure-Message}:-%{Module-Failure-Message}}"
> in the context of the post-auth section.
> many thanks
> Pete
>
> --
>
>
>
>
>
>
>
>
>
>
>
>  <https://twitter.com/warwickshirecol>
> <https://www.facebook.com/WarwickshireCollege>
> <https://www.linkedin.com/edu/warwickshire-college-group-355076>
> <https://www.instagram.com/warwickshirecol/>
>
>
>
>
>
>
>
>
>
>
> College Email
> Disclaimer
>
>
> This message and any files transmitted with it is intended for
> the addressee only and may contain information that is confidential or
> privileged.
>
>
> Unauthorised use is strictly prohibited and may be unlawful.
> If you are not the addressee, you should not read, copy, disclose or
> otherwise use this message, otherwise than to notify the College via
> postmaster at warkscol.ac.uk <mailto:postmaster at warkscol.ac.uk>. You should
> delete this message and any files transmitted with it from your computer
> and destroy any copies made.
>
>
> Warwickshire College gives no warranty or
> representation as to the accuracy or reliability of the message and files
> and does not necessarily endorse any opinions expressed within it.
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html


More information about the Freeradius-Users mailing list