Ok, I'm back with another cuestion.
now, if I put the variable in this way, I send the Reply-Message (pepe)
with Access-Reject connections
update reply {
Reply-Message := "pepe"
}
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> [email protected]
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
++[reply] returns updated
Sending Access-Reject of id 46 to 192.168.1.10 port 32925
Reply-Message = "pepe"
but if I wanna update it with a variable that I got from external script
and I put this:
update reply {
Reply-Message := "%{reply:Reply-Message}"
+- entering group post-auth {...}
[exec] expand: %{User-Name} -> [email protected]
[exec] expand: %{Reply-Message} ->
Exec-Program output: VALOR 1(Username) ES [email protected] El usuario
ya esta cnectado El usuario ya esta conectado
Exec-Program-Wait: plaintext: VALOR 1(Username) ES [email protected]
El usuario ya esta cnectado El usuario ya esta conectado
Exec-Program: returned: 255
++[exec] returns fail
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> [email protected]
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
expand: %{reply:Reply-Message} -> NULL
++[reply] returns updated
Is it correct this way? Reply-Message := "%{reply:Reply-Message}"
thanks
bLn escribió:
Good morning,
I back with the same problem.
I've seeing past post for last week but I have any wrong because those
solutions don't work for me.
I have a script in exec module which set 2 values: Session-Timeout if
everything is correct for each user and it calculate his remaining
time to connect, and Reply-Message if there is any problem, to show
this message to the user
I've seen these values are cached before when mysql runs the queries
to radcheck, radgroupchek, radreply, etc...in authtorize section and
when I execute my script in post-auth module the new values aren't
replaced and sent together with Access-Accept or Access-Reject
I've done an update in post-auth section, like you said in last posts,
in two different modes:
first example:
Post-Auth-Type REJECT {
attr_filter.access_reject
update outer.reply {
Reply-Message := "%{reply:Reply-Message}"
}
sql
reply_log
}
Second example:
Post-Auth-Type REJECT {
attr_filter.access_reject
update outer.reply {
Reply-Message := "pepe"
}
sql
reply_log
}
I've set Reply-Message := "pepe" to try without a variable but
unsuccessfully because I'm not sure if I've set the variable
correctly but if I put the value of variable and this is not send
neither it is because my value is not replaced by the before one, ok?
why?
Post-Auth section
post-auth {
# Get an address from the IP Pool.
# main_pool
#
# If you want to have a log of authentication replies,
# un-comment the following line, and the 'detail reply_log'
# section, above.
reply_log
#
# After authenticating the user, do another SQL query.
#
# See "Authentication Logging Queries" in sql.conf
sql
#
# Instead of sending the query to the SQL server,
# write it into a log file.
#
sql_log
#
# Un-comment the following if you have set
# 'edir_account_policy_check = yes' in the ldap module sub-section of
# the 'modules' section.
#
# ldap
exec
update outer.reply {
Session-Timeout:="%{reply:Session-Timeout}"
}
#
# Access-Reject packets are sent through the REJECT sub-section of
the
# post-auth section.
#
# Add the ldap module name (or instance) if you have set
# 'edir_account_policy_check = yes' in the ldap module configuration
#
Post-Auth-Type REJECT {
attr_filter.access_reject
update outer.reply {
Reply-Message := "pepe"
}
sql
reply_log
}
}
I try with "update reply" too. I don't understand the different
between both modes. Can you say me where I can read the neccesary doc
to find this difference?
thanks in advance and I'm sorry to repeat this issue again
-
List info/subscribe/unsubscribe? See
http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
