On 18 Mar 2013, at 12:07, a.l.m.bu...@lboro.ac.uk wrote: > hi, > > we would all love to be able to send a relevant error message to our > clients if they fail to authenticate (either locally or remotely). > but we cant. :-(
The old HP switches used to convert the Reply-Message into an EAP-Notification and send it after the EAP-Success or EAP-Failure. The native OSX supplicant used to log this even though it never displayed it to the user. The Windows supplicant ignored it completely. WPA_Supplicant restarted authentication and went into an infinite authentication loop. It may be possible to send it before the EAP-Success/EAP-Failure message for some EAP methods, but chances are not all supplicants will like it, and most probably won't display anything. -Arran - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
