On Tue, 27 Mar 2007, Hugh Irvine wrote:
Hello Joe -
There is a RADIUS "Reply-Message" reply attribute that can be used to send any message you wish in an Access-Reject. However the display of whatever is sent in the "Reply-Message" is up to your NAS equipment and/or connecting client device. In my experience there are almost no client devices that actually display the "Reply-Message", but as always YMMV.
It seems to me this would be something best reserved for the radius server, not the end-user to track. And it seems trivial to get (at least on 2 out of 3) radius servers to have them log a line to syslog/your choice of log file upon failures, including which of your three scenarios caused the failure.. - d.
On 26 Mar 2007, at 23:50, Joe Shen wrote:
We want to identify the exact reason for customer complaint. So, it that possible to extend radius server and Broadband Access Server ( Juniper E series) to echo different error code for different reason. E.g. Error code 691 for wrong password Error code 851 for wrong access port Error code 852 for exceeding limit of concurrent session number
-- Dominic J. Eidson "Baruk Khazad! Khazad ai-menu!" - Gimli ---------------------------------------------------------------------------- http://www.the-infinite.org/