On Aug 15, 2004, at 19:09, Alan DeKok wrote:
Doug Hardie <[EMAIL PROTECTED]> wrote:Then how do you replace a depreciated EXEC-PROGRAM-WAIT call with something that calls an external program that can return pairs
rlm_exec does that.
or cause authentication failure with the regulare authentication failure logging messages?
rlm_exec returns FAIL when the external script fails. You can change this to REJECT via source code modifications, or by using configurable failover in the "authorize" section.
There is some really useful info in doc/configurable_failover. A lot of that should be in a more obvious place, like README or INTRO etc. Now I know why putting rlm_exec module in the authenticate section won't work. I believe the following is what I need to achieve the above. Is this correct?
modules {
...
exec l_auth {
wait = yes
program = "/etc/raddb/local %{HINT} R"
input_pairs = request
output_pairs = reply
} always reject {
rcode = reject
}
...
}post-auth {
redundant {
l_auth {
fail = 1
}
reject
}
}
It also seems like I might be able to use the following in post-auth:
post-auth {
l_auth {
fail = reject
}
}- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
