[RADIATOR] RejectReason Problem with AuthHANDLER

Mon, 28 Jun 2010 01:35:43 -0700 

Hi,

Radiator doesn't send the RejectReason when using AuthHANDLER but instead the 
hardcoded return string from AuthHANDLER.pm.

This is an excerpt of my config:

<Handler Client-Identifier="hostname" Request-Type="Access-Request">
    AuthByPolicy    ContinueUntilIgnore

    # Show any rejection reason to the end user
    RejectHasReason

    <AuthBy LDAP2>
        AuthAttrDef memberof,GENERIC,request

        # this populates Request:X-Identifier
        PostSearchHook file:"%D/ldap_authselect_by_group.pl"
    </AuthBy>

    <AuthBy HANDLER>
        HandlerId %{Request:X-Identifier}
    </AuthBy>
</Handler>


<Handler>
    Identifier reject

    # Show any rejection reason to the end user
    RejectHasReason

    <AuthBy INTERNAL>
        AuthResult REJECT
        RejectReason User isn't member of an OTP ldap group, rejecting
    </AuthBy>
</Handler>

This is the level 4 log where the issue can be seen:

Mon Jun 28 08:20:06 2010: DEBUG: Handling with AuthINTERNAL:
Mon Jun 28 08:20:06 2010: DEBUG: AuthBy INTERNAL result: REJECT, User isn't 
member of an OTP ldap group, rejecting
Mon Jun 28 08:20:06 2010: DEBUG: AuthBy HANDLER result: REJECT, redirected by 
AuthHANDLER
Mon Jun 28 08:20:06 2010: INFO: Access rejected for test: redirected by 
AuthHANDLER
Mon Jun 28 08:20:06 2010: DEBUG: Packet dump:
*** Sending to 1.2.3.4 port 1025 ....
Code:       Access-Reject
Identifier: 1
Authentic:  <24>?N<127><151><193><229>Q<148><174>B!<1>^<233>*
Attributes:
Reply-Message = "redirected by AuthHANDLER"




--
Best regards, Alex





*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
T-Systems Austria GesmbH Rennweg 97-99, 1030 Wien
Handelsgericht Wien, FN 79340b
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
Notice: This e-mail contains information that is confidential and may be 
privileged.
If you are not the intended recipient, please notify the sender and then
delete this e-mail immediately.
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*

_______________________________________________
radiator mailing list
[email protected]
http://www.open.com.au/mailman/listinfo/radiator

Reply via email to