Hi all,
  Trying to use the provided ntlm_auth exec module to authenticate users
where the NAS uses pap, which works fine. I just want to improve my
error reporting and pick up the return string from the failure of the
module, e.g. -
Exec plaintext: NT_STATUS_WRONG_PASSWORD: Wrong Password (0xc000006a)
Looking around on the internet it seems I might use something like:

Auth-Type NTLM_AUTH {
        ntlm_auth
        if (ok) {
        }
        else {
                update reply {
                        reply-message += "%{Module-Failure-Message}"
                }
        }
}

But the else statement never seems to get processed:

Exec output: NT_STATUS_WRONG_PASSWORD: Wrong Password (0xc000006a)
Exec plaintext: NT_STATUS_WRONG_PASSWORD: Wrong Password (0xc000006a)
[ntlm_auth] Exec: program returned: 1
++[ntlm_auth] returns reject
Using Post-Auth-Type REJECT
# Executing group from file /usr/local/etc/raddb/sites-enabled/default
+- entering group REJECT {...}

Questions are - does the exec module return to the
Module-Failure-Message variable or another I can use, and why doesn't it
process the subsection of the auth-type section on failure?

Thanks
Andy
