#
# old_revision [39c9f012ce8b82b4f02cb9b3e8a1cc5775b00f4f]
#
# patch "pf/lib/pf/radius.pm"
#  from [44c47dda78009b6f1cd6150e686cea8e838309cd]
#    to [df54e5567196d07368bba9435937eccba846464b]
#
============================================================
--- pf/lib/pf/radius.pm	44c47dda78009b6f1cd6150e686cea8e838309cd
+++ pf/lib/pf/radius.pm	df54e5567196d07368bba9435937eccba846464b
@@ -78,7 +78,9 @@ sub authorize {
     my $weActOnThisCall = $this->_doWeActOnThisCall($connection_type, $switch_ip, $mac, $port, $user_name);
     if ($weActOnThisCall == 0) {
         $logger->info("We decided not to act on this radius call. Stop handling request from $switch_ip.");
-        return [$RADIUS::RLM_MODULE_NOOP, undef];
+        my %RAD_REPLY;
+        $RAD_REPLY{'Reply-Message'} = "Not acting on this request";
+        return [$RADIUS::RLM_MODULE_NOOP, %RAD_REPLY];
     }
 
     $logger->info("handling radius autz request: from switch_ip => $switch_ip, " 
@@ -106,7 +108,9 @@ sub authorize {
             "Can't instantiate switch $switch_ip. This request will be failed. "
             ."Are you sure your switches.conf is correct?"
         );
-        return [$RADIUS::RLM_MODULE_FAIL, undef];
+        my %RAD_REPLY;
+        $RAD_REPLY{'Reply-Message'} = "Switch is not managed by PacketFence";
+        return [$RADIUS::RLM_MODULE_FAIL, %RAD_REPLY];
     }
 
     # verify if switch supports this connection type
@@ -151,7 +155,9 @@ sub authorize {
             ."is not in production -> Returning ACCEPT");
         $switch->disconnectRead();
         $switch->disconnectWrite();
-        return [$RADIUS::RLM_MODULE_OK, undef];
+        my %RAD_REPLY;
+        $RAD_REPLY{'Reply-Message'} = "Switch is not in production, so we allow this request";
+        return [$RADIUS::RLM_MODULE_OK, %RAD_REPLY];
     }
 
     # grab vlan
@@ -162,7 +168,9 @@ sub authorize {
         $logger->info("According to rules in fetchVlanForNode this node must be kicked out. Returning USERLOCK");
         $switch->disconnectRead();
         $switch->disconnectWrite();
-        return [$RADIUS::RLM_MODULE_USERLOCK, undef];
+        my %RAD_REPLY;
+        $RAD_REPLY{'Reply-Message'} = "This node is not allowed to use this service";
+        return [$RADIUS::RLM_MODULE_USERLOCK, %RAD_REPLY];
     }
 
     if (!$switch->isManagedVlan($vlan)) {
@@ -170,7 +178,9 @@ sub authorize {
                      ."Is the target vlan in the vlans=... list?");
         $switch->disconnectRead();
         $switch->disconnectWrite();
-        return [$RADIUS::RLM_MODULE_FAIL, undef];
+        my %RAD_REPLY;
+        $RAD_REPLY{'Reply-Message'} = "New VLAN is not a managed VLAN";
+        return [$RADIUS::RLM_MODULE_FAIL, %RAD_REPLY];
     }
 
     #closes old locationlog entries and create a new one if required