
Freeradius: no Reply-Message when authentication fails

  • August 26, 2015

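I have configured freeradius on a RHEL 6.5 server for MAC-based authentication, and for this I followed this guide.

Following the above guide, I created the authorized_macs file for valid MAC addresses as follows: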

xx-xx-xx-xx-xx-xx    Reply-Message = "Device with MAC Address %{Calling-Station-Id} authorized for network access"
yy-yy-yy-yy-yy-yy    Reply-Message = "Device with MAC Address %{Calling-Station-Id} authorized for network access"

I tried making certain changes in the authorize section of the file /etc/raddb/sites-available/default so as to set a Reply-Message for failed authentication, as follows:

authorize {
    preprocess

    # if cleaning up the Calling-Station-Id...
    rewrite.calling_station_id

    # now check against the authorized_macs file
    authorized_macs
    if (!ok) {
        update control {
            Reply-Message := "Login Failed. MAC Address %{Calling-Station-ID} is NOT valid."
        }
        reject
    }
    else {
        # accept
        users
        update control {
            Auth-Type := Accept
        }
    }
}

When testing the configuration with radclient:

Successful authentication:

> echo "Calling-Station-Id=xx-xx-xx-xx-xx-xx" | radclient -s localhost:1812 auth testing123

Received response ID 55, code 2, length = 93
       Reply-Message = "Device with MAC Address xx-xx-xx-xx-xx- authorized for network access"

          Total approved auths:  1
            Total denied auths:  0
              Total lost auths:  0

Failed authentication:

> echo "Calling-Station-Id=zz-zz-zz-zz-zz-zz" | radclient -s localhost:1812 auth testing123

Received response ID 220, code 3, length = 20

      Total approved auths:  0
        Total denied auths:  1
          Total lost auths:  0

If the authentication is not successful, no Reply-Message is displayed.

If I need to enable a message for the Access-Reject response, what should I do?

Set the Reply-Message in an **update reply** block, not update control. Using your example:

update reply {
    Reply-Message := "Login Failed. MAC Address %{Calling-Station-ID} is NOT valid."
}

Quoted from: https://unix.stackexchange.com/questions/225539
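The radclient output above reports `length = 20` for the reject, which is exactly the 20-byte RADIUS header with no attributes, while the accept's 93 bytes are the header plus one Reply-Message attribute. As an added example (not part of the original question or answer), the following Python code parses a RADIUS reply per RFC 2865 and lists any Reply-Message attributes, so the fix can be confirmed on the wire. The packets are constructed samples with a zeroed authenticator, and all function names are this example's own.

```python
import struct

CODES = {2: "Access-Accept", 3: "Access-Reject"}
REPLY_MESSAGE = 18  # RFC 2865 attribute type for Reply-Message
HEADER_LEN = 20     # code(1) + id(1) + length(2) + authenticator(16)

def build_packet(code, ident, attrs):
    """Build a constructed RADIUS reply; the authenticator is zeroed, not a valid one."""
    body = b"".join(bytes([t, len(v) + 2]) + v for t, v in attrs)
    return struct.pack("!BBH16s", code, ident, HEADER_LEN + len(body), b"\x00" * 16) + body

def parse_packet(data):
    """Return (code, id, [(type, value), ...]); raise ValueError on malformed lengths."""
    if len(data) < HEADER_LEN:
        raise ValueError("shorter than RADIUS header")
    code, ident, length, _auth = struct.unpack("!BBH16s", data[:HEADER_LEN])
    if length < HEADER_LEN or length > len(data):
        raise ValueError("bad length field")
    attrs, pos = [], HEADER_LEN
    while pos < length:
        if pos + 2 > length:
            raise ValueError("truncated attribute header")
        atype, alen = data[pos], data[pos + 1]
        if alen < 2 or pos + alen > length:
            raise ValueError("bad attribute length")
        attrs.append((atype, data[pos + 2:pos + alen]))
        pos += alen
    return code, ident, attrs

def reply_messages(data):
    """Reply-Message strings carried in a packet (empty list if there are none)."""
    _, _, attrs = parse_packet(data)
    return [v.decode("utf-8", "replace") for t, v in attrs if t == REPLY_MESSAGE]

# Constructed samples mirroring the radclient output on this page.
accept = build_packet(2, 55, [(REPLY_MESSAGE,
    b"Device with MAC Address xx-xx-xx-xx-xx-xx authorized for network access")])
bare_reject = build_packet(3, 220, [])  # what "update control" produced
fixed_reject = build_packet(3, 221, [(REPLY_MESSAGE,  # what "update reply" should produce
    b"Login Failed. MAC Address zz-zz-zz-zz-zz-zz is NOT valid.")])

if __name__ == "__main__":
    for pkt in (accept, bare_reject, fixed_reject):
        code, ident, _ = parse_packet(pkt)
        print(CODES.get(code, code), "id", ident, "len", len(pkt), reply_messages(pkt))
```
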