Re: Simple question about adding own attribute to proxy reply

Wed, 27 Jul 2005 04:32:52 -0700 

Nicolas Baradakis пишет:


Valeriy V. Peshkoff wrote:


Using attr_rewrite i can add reply-message to any packet.
But i want add Reply-Message only to the Access-Reject packet or use
different Reply-Message to Accept and Reject. How can i do it?


See http://www.freeradius.org/radiusd/doc/Post-Auth-Type


Can you help me giving example on how to do it?

I have this in radius.conf

post-auth {
Post-Auth-Type REJECT {
Reply-Message
}
}

When i create
attr_rewrite Reply-Message {
attribute = Reply-Message
# may be "packet", "reply", "proxy", "proxy_reply" or "config"
searchin = proxy_reply
searchfor = "[+ ]"
replacewith = "Not allowed here"
ignore_case = no
new_attribute = yes
max_matches = 10
## If set to yes then the replace string will be appended to the original string 
append = no
}

I see in log

rad_recv: Access-Reject packet from host 172.16.180.6:1645, id=1, length=20
Processing the post-proxy section of radiusd.conf
modcall: entering group post-proxy for request 1
radius_xlat: '60'
rlm_attr_rewrite: Added attribute Idle-Timeout with value '60'
modcall[post-proxy]: module "Idle-Timeout" returns ok for request 1
radius_xlat: '60'
rlm_attr_rewrite: Added attribute Acct-Interim-Interval with value '60'
modcall[post-proxy]: module "Acct-Interim-Interval" returns ok for request 1
radius_xlat: '1'
rlm_attr_rewrite: Added attribute Class with value '1'
modcall[post-proxy]: module "Class" returns ok for request 1
modcall[post-proxy]: module "eap" returns noop for request 1
modcall: group post-proxy returns ok for request 1
Login incorrect (Home Server says so): [quantumw/quant] (from client peshkoff.quantum.ru port 0) 
Processing the post-auth section of radiusd.conf
modcall: entering group Post-Auth-Type for request 1
radius_xlat: 'Not allowed here'
rlm_attr_rewrite: Added attribute Reply-Message with value 'Not allowed here' 
modcall[post-auth]: module "Reply-Message" returns ok for request 1
modcall: group Post-Auth-Type returns ok for request 1
Delaying request 1 for 1 seconds
Finished request 1
Going to the next request
Waking up in 3 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 15 with timestamp 42e771e5
Sending Access-Reject of id 16 to 192.168.18.77:1103
Waking up in 3 seconds...

But i don't see Replay-Message in my radius client (NTradping)

--
Russia,  St. Petersburg
Quantum Communications
Valeriy V. Peshkov | [EMAIL PROTECTED]
+7 (812) 327-6131
+7 (812) 327-1442

Attachment: smime.p7s
Description: S/MIME Cryptographic Signature

- 
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Reply via email to