Re: [Radiusplugin-users] How to include and use reply-message in access-

radiusplugin-users

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Radiusplugin-users] How to include and use reply-message in access-

From:	Ralf Lübben
Subject:	Re: [Radiusplugin-users] How to include and use reply-message in access-reject for OpenVPN clients
Date:	Sat, 14 May 2011 07:47:26 +0200
User-agent:	KMail/1.13.5 (Linux/2.6.35-28-generic; KDE/4.5.5; i686; ; )

Hi,

the reply-message is integrated in version 2.1.

The message should be printed in the OpenVPN log file (because it's writen to 
stderr). 

Can you check:
1) your radius packets on the wire if the reply message is included (wireshark 
can decode the messages, if you tell wireshark your shared secret)

2) the string "RADIUS-PLUGIN: BACKGROUND AUTH: Reply-Message: ..." in the 
OpenVPN log file, it should contain your message.

The related code is in UserAuth.cpp.

If the message is in the packet and no message is in the log file, please 
contact me again.  

Unfortunately, I'm not aware about a method to forward the message to the 
client. Such a feature must be provided by OpenVPN itself, so that the server 
can send a message to the client and that this message can be set by the 
plugin.

Ralf


Am Freitag, 13. Mai 2011, um 10:35:50 schrieb address@hidden:
> Hi,
> 
> I'm trying to get some meaningful reply messages sent to users when they
> enter an incorrect password. Using freeradius 1.1.3 and radiusplugin
> 2.1. The users are using OpenVPN GUI running on Windows.
> 
> Ive configured freeradius to add a 'reply-message' to 'access-reject'
> messages as below. I can see these reply messages when I run 'radius
> -X'. However, I cant see them in the users OpenVPN client (OpenVPN GUI)
> or in any logs on the OpenVPN server. I can't find any information about
> how to parse the reply-message or how to works other than in the readme
> where it states - "the output is sent to stderr"
> 
> Any help would be most appreciated.
> 
> Jeremy.
> 
> __________________________
> 
> post-auth {
>      sql
>      exec
>      Post-Auth-Type REJECT {
>          # Login failed
>          update reply {
>              Reply-Message := "Login Failed. Please check your username
> and password"
>          }
>          sql
>          attr_filter.access_reject
>      }
> }
> 
> 
> 
> _______________________________________________
> Radiusplugin-users mailing list
> address@hidden
> https://lists.nongnu.org/mailman/listinfo/radiusplugin-users

[Prev in Thread]

Current Thread

[Next in Thread]

[Radiusplugin-users] How to include and use reply-message in access-reject for OpenVPN clients, jutwyut536, 2011/05/13
- Re: [Radiusplugin-users] How to include and use reply-message in access-reject for OpenVPN clients, Ralf Lübben <=

Prev by Date: [Radiusplugin-users] How to include and use reply-message in access-reject for OpenVPN clients
Next by Date: [Radiusplugin-users] Framed-IP-Address doesn't pass to openvpn
Previous by thread: [Radiusplugin-users] How to include and use reply-message in access-reject for OpenVPN clients
Next by thread: [Radiusplugin-users] Framed-IP-Address doesn't pass to openvpn
Index(es):
- Date
- Thread