> From: Thor Spruyt
> Sent: Monday, 1 September 2003 11:29 PM
> ----- Original Message -----
> From: <[EMAIL PROTECTED]>
> > Hi.
> > I'm using FreeRadius 0.9.0 on RedHat Linux 9.
> > I'm using external program for authorizing users. When authorization is
> not
> > allowed, I'd like to inform my user about reason of failure so I'm
> > returning Reply-Message:="Some reason" in output from my program.
> > But, Free Radius always returns "external check failed".
>
> The auth.c code always adds a reply-message attribute to the Auth-Reject
> when the external program returns something else than 0.
> I have patched the source code so it doesn't do this anymore.
Why? I preferred the solution where it added the message, unless
another Reply-Message had already been set. Is there some reason
you don't want the Reply-Message set at all in this curcumstance?
I guess I can see that you may not want people to know your
RADIUS server's on the blink...
Given the discussion about external programs returning 0 for
ACCEPT, and anything else being reject (with error message)...
Would it be better to only add the message if we get a -1
back from the exec call, and let the script take care of it
if we get a >0 and hence reject the call?
If the script fails (as opposed to rejects the request), will
it return anything other than -1?
Alternatively, convert to rlm_exec. Cases where it can't
match Exec-Program{,-Wait} are probably interesting to the
developers, since rlm_exec is (apparently) intended to replace
Exec-Program{,-Wait}.
--
=========================================================
Paul "TBBle" Hampson
Bubblesworth Pty Ltd (ABN: 51 095 284 361)
[EMAIL PROTECTED]
This is a one line proof...if we start
sufficiently far to the left.
-- Cambridge University Math Department
---------------------------------------------------------
Random signature generator 3.0 by Paul "TBBle" Hampson
=========================================================
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
