Hi, Have you find out any solutions to that problem? I'm waiting for an answer before modifying the source code... May be, there is a bug and the official source code should be modified as Patric did.
Cheers! Khalid :) Hi all, > > Thanks again! > I've tried to put return(2) and it does not work because my client > receives > an Access-Accept. > If I let exit(2), the server does not send anything so the client fall in > time out. The user will not have access but he will make many attempts as > long as he does not receive an Access-Reject packet. Furthermore, he needs > to know what is going on... > BTW, I'm using the "NTRadPing Test Utility" client. > > hereunder is the output debug: > Module: Instantiated realm (suffix) > exec: wait = yes > exec: program = "/home/authentication.php" > exec: input_pairs = "request" > exec: output_pairs = "reply" > exec: packet_type = "Access-Request" > Module: Instantiated exec (myauth) > Module: Instantiated files (files) > exec: wait = yes > exec: program = "/home/accounting.php" > exec: input_pairs = "request" > exec: output_pairs = "reply" > exec: packet_type = "Accounting-Request" > Module: Instantiated exec (myacct) > > > rad_recv: Access-Request packet from host x.x.x.x:2658, id=49, length=58 > User-Name = "xxx" > User-Password = "xxx" > Processing the authorize section of radiusd.conf > modcall: entering group authorize for request 0 > modcall[authorize]: module "preprocess" returns ok for request 0 > modcall[authorize]: module "chap" returns noop for request 0 > modcall[authorize]: module "mschap" returns noop for request 0 > rlm_realm: Looking up realm "xxx" for User-Name = "xxx" > rlm_realm: No such realm "xxxx" > modcall[authorize]: module "suffix" returns noop for request 0 > rlm_eap: No EAP-Message, not doing EAP > modcall[authorize]: module "eap" returns noop for request 0 > Exec-Program output: > Exec-Program: returned: 2 > rlm_exec (myauth): External script failed > modcall[authorize]: module "myauth" returns fail for request 0 > modcall: leaving group authorize (returns fail) for request 0 > Finished request 0 > Going to the next request > --- Walking the entire request list --- > Waking up in 6 seconds... > rad_recv: Access-Request packet from host xxxxx, id=49, length=58 > Discarding duplicate request from client xxxx - ID: 49 > --- Walking the entire request list --- > Waking up in 2 seconds... > --- Walking the entire request list --- > Cleaning up request 0 ID 49 with timestamp 4721d900 > Nothing to do. Sleeping until we see a request. > > Thank you very much anyway! > > Patric wrote: > > > Something just occurred to me that I dont think I tried before. > > > What happens if instead of doing an > > > > > > exit(2); > > > > > > you do a > > > > > > return(2); > > > > > > This way your script will still exit clean, so freeradius wont pick it > > > up as a script failure, but hopefully will still get the result? > > > > No. If the script succeeds, the output is either a text message, or > > RADIUS attributes that go into an Access-Accept. > > > > If the script fails, the server sends an Access-Reject. > > > > Stop playing games with PHP and post the output of "radiusd -X". I'll > > bet money that the solution is right there in the debug output. > > > > Alan DeKok. > > >
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
