Phil Mayers (08.02.2008 12:03):
Ok, now I'm returning Auth-Type := Reject from my check-items-query
and I hoped to be able to send a little more in depth information
along the way in the Reply-Message attribute, but unfortunately
this info gets lost. It seems that I have to fill this attribute in
the reply-items-query.
Does this mean the reply-items-query has to trigger the same
functions as the check-items-query again to find out what the
reason for the reject was? Or do I have to fill a temporary table
with the reply message in the check-items-query which gets then
returned in the reply-items-query?
Hmm. I guess you're doing something like:
authorize_check_query = "select myproc('%{SQL-User-
Name}','...etc...')"
...and are trying to avoid re-calling the same (or another) function
in the reply query.
That's the problem.
How will the reply query be aware that the user has already be
rejected without using additional queries?
I tried calling the check query with %{control:My-Reply} or %
{control:Auth-Type} as attributes but those are empty though set in
the check query.
What you could do is place a local attribute in the check items,
then copy it to the reply items in an unlang section:
i.e. return 2 rows from the stored proc:
attr | op | value
-----------+----+--------------
My-Reply | := | some message
Auth-Type | := | Reject
in /etc/raddb/dictionary:
ATTRIBUTE My-Reply 3000 string
and have:
authorize {
sql
}
post-auth {
Post-Auth-Type Reject {
if (control:My-Reply) {
update reply {
Reply-Message = "%{control:My-Reply}"
}
}
}
}
Thanks Phil, that was it! Now I'm getting the right Reply-Message.
Actually,
if (control:My-Reply)
must be
if ("%{control:My-Reply}")
to check if it's empty.
JB
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html