From: "Rob Genovesi" <[EMAIL PROTECTED]>
<left out>
> In this case getstatus was a simple shell script that did nothing but exit
> 255. I would prefer to exit with a valid radius response including a
> Reply-Message.
<left out>
Hi,
I had some issues with external programs also with FreeRadius 0.9.0.
Mind that the following is regarding FreeRadius 0.9.0!!!
Regarding exit codes:
0 = accept
1 = reject
Basic on this, I guess that any negative exit code indicates an error, any
positive exit code a reject and 0 an accept.
Here's some Perl code that I used to reject the user:
sub auth_reject {
my ($message) = @_;
print "Reply-Message = \"$message\"\n";
exit 1;
}
Regarding the Reply-Message:
I patched the source.
### PATCH 1 ###
--- src/main/auth.c.orig 2003-08-27 15:57:17.000000000 +0200
+++ src/main/auth.c 2003-08-27 16:02:34.000000000 +0200
@@ -805,15 +805,18 @@
* had a non-zero exit status.
*/
if (umsg[0] == '\0') {
- user_msg = "\r\nAccess denied (external check failed).";
+ /* Don't tell NAS that auth failed by external check */
+ user_msg = NULL;
} else {
user_msg = &umsg[0];
}
request->reply->code = PW_AUTHENTICATION_REJECT;
- tmp = pairmake("Reply-Message", user_msg, T_OP_SET);
-
- pairadd(&request->reply->vps, tmp);
+ /* Only add reply-message when one is available */
+ if (user_msg != NULL) {
+ tmp = pairmake("Reply-Message", user_msg, T_OP_SET);
+ pairadd(&request->reply->vps, tmp);
+ }
rad_authlog("Login incorrect (external check failed)",
request, 0);
### PATCH 2 ###
--- src/main/auth.c.orig 2003-08-27 15:57:17.000000000 +0200
+++ src/main/auth.c 2003-08-27 15:57:58.000000000 +0200
@@ -815,7 +815,8 @@
pairadd(&request->reply->vps, tmp);
rad_authlog("Login incorrect (external check failed)",
- request, 0);
+ /* Log attributes of reject packets */
+ request, 1);
return RLM_MODULE_REJECT;
}
Regards,
Thor.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html