RADIUS reply-message support

Edit online

A reply-message is text that you create and configure in the radiusd.conf file.

It is intended for the NAS or AP to return as a string to the user. These can be a success, failure or challenge message. They are readable text fields and their contents are implementation-dependent and configured at server configuration time. The default for these attributes is no text. You may configure all, none, or one, two, or three attributes.

RADIUS supports the following Reply-Message Attributes:

  • Accept Reply-Message
  • Reject Reply-Message
  • CHAP Reply-Message
  • Password Expired Reply-Message

These attributes are added to the radiusd.conf configuration file and read into a global configuration structure at daemon start time. Set these values using SMIT RADIUS Panels as part of the Configure Server option. The maximum number of characters in each string is 256 bytes.

The function is implemented as follows:

  1. When the radiusd daemon starts, it will read the radiusd.conf file and set the Reply-Message attributes.
  2. When an access request packet is received, the user is authenticated.
  3. If the authentication response is an access accept, then the Accept Reply-Message text is checked. If the text is present, the string is returned in the access accept packet.
  4. If the authentication is rejected, then the Reject Reply-Message text is checked and returned in the access reject packet.
  5. If the Authentication is challenged, then the CHAP Reply-Message attribute is checked and sent as part of the Access-Challenge packet.