Hi there,
Im using freeradius on FreeBSD and my database is on Postgres…
For the last five day I was looking for a solution on my problem … but did get it right 
Basicaly I have organized the system like that:
- When i creat a user My web system puts in radcheck (username User-password == password )
after, let say (a month) my system sees that the user havent paid and remove it from radcheck…
Then if the same user try to get in… he get the “invalid username or password”
How can I fix it to “Please come to the office and give me some money”
Try putting the following two records into the database, instead of removing user records from the table:
To the radcheck:
username | Auth-Type | := | Reject
And to the radreply:
username | Reply-Message | = | Please come to the office and give me some money
10x…
That was quite helpful…
Can I ask for something else… how to change “Invalid username or password”
I mean… I live in Bulgaria and would like to use Bulgarian language for my customers…
The RFC2865 says the following:
If any value of the received Attributes is not acceptable, then the RADIUS server MUST transmit a packet with the Code field set to 3 (Access-Reject). It MAY include one or more Reply-Message Attributes with a text message which the NAS MAY display to the user.
In case of FreeRADIUS, placing Auth-Type := Reject in the radcheck table causes FreeRADIUS to return the Access-Reject packet to RADIUS client (NAS). If you want to include you own Reply-Message attribute in this packet you need to place the corresponding record in the radreply table. Please pay attention that Auth-Type and Reply-Message attributes should be placed in the different tables.
U got my question wrong....
I got all of what u said....
Im asking for something else.....
When a client sends username and password using the login page.... we have "lets say 3 different scenarios"
- Login ok.... client gets in "Internet"
- radius server not responding.... -> We all kn what is that
- Login failed
3.1 the username or the password are wrong -> so we get "Invalid username or password"
3.2 the username is rejected -> so we get again "invalid username or password"
So.... I did what u offer and put
username | Auth-Type | := | Reject (radcheck) and username | Reply-Message | = | "alabala in bulgarian"
result is -> its working fine
Now what I want is when a user enter wrong username or password to say "invalid username or password" in Bulgarian!
"invalid username or password" I believe is a string placed somewhere in the radius conf files or somewhere in the Mikrotik Hotspot http files..... BUT I cant find it....
I found a file error.txt (in the Mk hotspot http files)..... and I guess thats my solution, but still not sure!
What is your service? PPPoE, Hotspot or something else? Anyway I use Hotspot and PPPoE. Both of them, if service expired, router shows them page, that service is expired. On the freeradius, if service expired, our third-party application changes database parameter to “Framed-Pool:=Invalid”. On the RouterOS, if users get pool=Invalid, RouterOS drops all traffic excluding TCP:80. When user tries to open web browser, RouterOS redirects TCP:80 traffic to web-proxy. Then Web-proxy allways shows error.html. Just you need to customize error.html file and copy back it to RouterOS. Additionally we allowed online payment pages from users, who gets ip address from pool “Invalid”. Customer calls to our callcenter is decreased 3 times, after we did it. Hope it will help.
HotSpot…
It MAY include one or more Reply-Message Attributes with a text message which the NAS MAY display to the user.
Thats OK. “One or More” … What if they are two? which one will show NAS to the client!?