Hello to everyone.
My scenario is simple. When I receive an authentication request for a
user, I want to run an external program and if everything goes OK,
return access-accept with some attributes, otherwise I want to return
access-reject with other attributes.

I have done the following configuration in radiusd.conf:

exec callerid {
        wait = yes
        program = /space/radius/callerid.sh
        input_pairs = request
        output_pairs = reply
        packet_type = Access-Request
}

In users I have:

CLIDACTIVATE    Auth-Type := Local, Autz-Type := CLID

and in the authorize section of radiusd.conf

Autz-Type CLID {
        callerid
}

In case my script terminates normally, I get the attribute value pairs
appended to an access-accept message as I want. However, if I make an
exit 1 at the end of the script, I do not get an access-reject with
the output attribute-value pairs appended. 
I make the test with radtest

 radtest -d . CLIDACTIVATE 1760 localhost 123 testing123

and from radiusd -X I get 

rad_recv: Access-Request packet from host 127.0.0.1:64711, id=42, length=64
        User-Name = "CLIDACTIVATE"
        User-Password = "1760"
        NAS-IP-Address = 255.255.255.255
        NAS-Port = 123
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
  modcall[authorize]: module "preprocess" returns ok for request 2
  modcall[authorize]: module "chap" returns noop for request 2
  modcall[authorize]: module "mschap" returns noop for request 2
    rlm_realm: No '/' in User-Name = "CLIDACTIVATE", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "realmslash" returns noop for request 2
    rlm_realm: No '@' in User-Name = "CLIDACTIVATE", looking up realm NULL
    rlm_realm: No such realm "NULL"
  modcall[authorize]: module "suffix" returns noop for request 2
    users: Matched CLIDACTIVATE at 74
  modcall[authorize]: module "files" returns ok for request 2
modcall: group authorize returns ok for request 2
  Processing the authorize section of radiusd.conf
modcall: entering group Autz-Type for request 2
radius_xlat:  '/space/radius/callerid.sh'
Exec-Program: /space/radius/callerid.sh
Exec-Program output: h323-return-code = "2" 
Exec-Program-Wait: value-pairs: h323-return-code = "2"
Exec-Program: returned: 1
rlm_exec (callerid): External script failed
  modcall[authorize]: module "callerid" returns fail for request 2
modcall: group Autz-Type returns fail for request 2
Finished request 2
Going to the next request

The module returns fail but no access-reject is sent back and radtest
keeps retransmitting.
What am I missing?

Thanks for any help.

Kostas

-- 
  Kostas Zorbadelos
  Currently at: Otenet IT Department 
  mailto: [EMAIL PROTECTED]
  
  Out there in the darkness, out there in the night
  out there in the starlight, one soul burns brighter
  than a thousand suns.
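
An added example, not part of the original post: a small Python check that scans `radiusd -X` output like the above for requests where a group returned fail and no reply was logged before the request finished. The `Sending Access-` reply-line pattern and the function name are assumptions; the sample lines are taken from the debug output in the post.

```python
import re

# Constructed sample: debug lines copied from the post above, trimmed.
SAMPLE = """\
rad_recv: Access-Request packet from host 127.0.0.1:64711, id=42, length=64
  modcall[authorize]: module "files" returns ok for request 2
modcall: group authorize returns ok for request 2
modcall: entering group Autz-Type for request 2
Exec-Program: returned: 1
  modcall[authorize]: module "callerid" returns fail for request 2
modcall: group Autz-Type returns fail for request 2
Finished request 2
"""

MODULE_RE = re.compile(r'module "([^"]+)" returns (\w+) for request (\d+)')
GROUP_RE = re.compile(r'^modcall: group (\S+) returns (\w+) for request (\d+)')
FINISHED_RE = re.compile(r'^Finished request (\d+)')
# Assumption: a reply, when one is sent, is logged as "Sending Access-...".
REPLY_RE = re.compile(r'^Sending Access-(?:Accept|Reject|Challenge)\b')


def find_silent_failures(log_text):
    """Return (request, group, failing_modules) for each request where a
    group returned fail and no reply line appeared before it finished."""
    findings = []
    failed_modules, failed_group, replied = [], None, False
    for raw in log_text.splitlines():
        line = raw.strip()
        if line.startswith("rad_recv:"):
            # A new packet starts: reset the per-request state.
            failed_modules, failed_group, replied = [], None, False
        elif REPLY_RE.match(line):
            replied = True
        elif (m := MODULE_RE.search(line)) and m.group(2) == "fail":
            failed_modules.append(m.group(1))
        elif (m := GROUP_RE.match(line)) and m.group(2) == "fail":
            failed_group = m.group(1)
        elif (m := FINISHED_RE.match(line)):
            if failed_group and not replied:
                findings.append((int(m.group(1)), failed_group, failed_modules))
            # Request is done: clear state so nothing leaks into the next one.
            failed_modules, failed_group, replied = [], None, False
    return findings


if __name__ == "__main__":
    for req, group, modules in find_silent_failures(SAMPLE):
        print(f"request {req}: group {group} failed via {modules}, no reply logged")
```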


- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
