Have you tried having the program print 'Auth-Type := Reject' to stdout?
Ok - I think I'm starting to catch on :
Auth-Type appears to be a "config" item.
Reply-Message is a "reply" item.
Exec calls must exit 0 , anything else indicates an execution error (not an auth error).
Changing the "output_pairs" to "config" allows me to reject the request, but does not allow me to send a custom Reply-Message.
Now I've got (radiusd.conf) { modules { [stuff] getstatus { wait = yes program = "/path/program %{User-Name}" input_pairs = request output_pairs = config } }
And my program simply does this:
#!/usr/bin/perl
my $user = $ARGV[0];
if($user eq 'test') {
# fail
print "Auth-Type := Reject, Reply-Message = \"Test is not allowed\"\n";
}
exit 0;
This works as it should, accept for the obvious point that the custom Reply-Message is ignored (since it is not a config item).
Now I suppose I can do a second exec with output_pairs set to reply and output a custom message. Either that or do as Thor did and patch the source ....
Thanks,
Rob
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
