[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Radiusplugin-users] How to include and use reply-message in access-
From: |
Ralf Lübben |
Subject: |
Re: [Radiusplugin-users] How to include and use reply-message in access-reject for OpenVPN clients |
Date: |
Sat, 14 May 2011 07:47:26 +0200 |
User-agent: |
KMail/1.13.5 (Linux/2.6.35-28-generic; KDE/4.5.5; i686; ; ) |
Hi,
the reply-message is integrated in version 2.1.
The message should be printed in the OpenVPN log file (because it's writen to
stderr).
Can you check:
1) your radius packets on the wire if the reply message is included (wireshark
can decode the messages, if you tell wireshark your shared secret)
2) the string "RADIUS-PLUGIN: BACKGROUND AUTH: Reply-Message: ..." in the
OpenVPN log file, it should contain your message.
The related code is in UserAuth.cpp.
If the message is in the packet and no message is in the log file, please
contact me again.
Unfortunately, I'm not aware about a method to forward the message to the
client. Such a feature must be provided by OpenVPN itself, so that the server
can send a message to the client and that this message can be set by the
plugin.
Ralf
Am Freitag, 13. Mai 2011, um 10:35:50 schrieb address@hidden:
> Hi,
>
> I'm trying to get some meaningful reply messages sent to users when they
> enter an incorrect password. Using freeradius 1.1.3 and radiusplugin
> 2.1. The users are using OpenVPN GUI running on Windows.
>
> Ive configured freeradius to add a 'reply-message' to 'access-reject'
> messages as below. I can see these reply messages when I run 'radius
> -X'. However, I cant see them in the users OpenVPN client (OpenVPN GUI)
> or in any logs on the OpenVPN server. I can't find any information about
> how to parse the reply-message or how to works other than in the readme
> where it states - "the output is sent to stderr"
>
> Any help would be most appreciated.
>
> Jeremy.
>
> __________________________
>
> post-auth {
> sql
> exec
> Post-Auth-Type REJECT {
> # Login failed
> update reply {
> Reply-Message := "Login Failed. Please check your username
> and password"
> }
> sql
> attr_filter.access_reject
> }
> }
>
>
>
> _______________________________________________
> Radiusplugin-users mailing list
> address@hidden
> https://lists.nongnu.org/mailman/listinfo/radiusplugin-users