Customise reply-message

Alan DeKok aland at deployingradius.com
Thu Aug 25 10:23:00 UTC 2022 

On Aug 25, 2022, at 6:10 AM, Can Paçacı <pacaci at servisnet.com.tr> wrote:
> I have configured site default file as in the followings but  it gives the same error on wrong User-Password and wrong NAS-Identifier.
> How can both cases be separated

  You can't just put random things into the configuration files, and expect that it magically does what you want.

  The documentation describes how the configuration files works.  Please read the documentation, including the Wiki page I pointed you to, and "man unlang".

  The configuration below works as documented.

> ######
>         update reply {
>         Reply-Message = "test**** Wrong NAS: %{NAS-Identifier} "
>                 }

  i.e. ALWAYS update the reply with a Reply-Message saying wrong NAS.

> #####
>         update reply {
>         #Reply-Message = " Wrong Password..."
>         Reply-Message = "%{Reply-Message} Wrong Password"
>         }

  This does nothing, because the reply already contains a Reply-Message attribute.  See "man unlang", and the "=" operator.

>                 -sql

  This runs the SQL module.

> [root at test-servisnet sites-enabled]# echo "User-Name='deneme1 at kablonet',User-Password='1234',NAS-Identifier=06UlusRHUA0" | radclient -x 127.0.0.1 auth secret11

  Read http://wiki.freeradius.org/list-help

  You cannot debug the SERVER by looking at the CLIENT output. 

  I suggested that you read the Wiki page which documents how the SQL module works.  It looks like you didn't do that.  You will find it difficult to fix problems if you don't read the documentation, and therefore have no idea how the server works.

  Your original question was " If the NAS-identifier attribute in the radcheck table failed, we want it to send a separate reply-message"

  The SQL module doesn't do something *else* if the radcheck conditions fail.  The Wiki page describes how the SQL module works.  You can't make it behave differently through wishful thinking.

  If you want to send a reply based on some condition, then write the condition down, like this:

	if (NAS-Identifier != "foo") {
		update reply {
			Reply-Message := "foo"
		}
	}

  It looks like you're just trying to make the server "do what you want" by trying a bunch of things.  This just won't work.  You have to read the documentation and understand it.

  Alan DeKok.

More information about the Freeradius-Users mailing list