[RADIATOR] strip attributes from access-reject

Mueller, Jason C jason-mueller at uiowa.edu
Mon Dec 15 09:47:09 CST 2014

Is there a way to not include radius attributes, when sending a RADIUS access-reject?

I have AddToReply attributes in the client stanza. I need to send different attributes based on the device type that is being authenticated against, which is why the AddToReply config is in the client stanza.

Here is a sanitized version of the client stanza:
	Secret	areallygoodsecret
	DupInterval 0
	AddToReply Session-Timeout=0,Juniper-Local-User-Name=some_name

However, some devices don’t like getting attributes in an access-reject, including Juniper MX’s.

Is there a way to strip out all the defined AddToReply attributes, as well as the RADIUS reply-message (attribute 18), when sending an access-reject?



More information about the radiator mailing list