Re: rlm_perl and RLM_MODULE_REJECT
Jean-Michel Caricand wrote: ... > I use freeradius-1.1.3 (Debian Etch package). I applied this patch to > radiusd.c to solve > my problem. That works. My question : my patch seems good or not ? It looks fine. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_perl and RLM_MODULE_REJECT
Le vendredi 25 janvier 2008 17:01, Alan DeKok a écrit : > Jean-Michel Caricand wrote: > > Well. I made a lot of tests without success. I'm not yet able to REJECT a > > request in a post_proxy function, but that works fine in a authorize > > function. > > > > Does someone have ideas ? > > In 2.0, it looks like this isn't dealt with in src/main/event.c around > line 1075. It's probably useful to add... > > Alan DeKok. > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html > Hi, I use freeradius-1.1.3 (Debian Etch package). I applied this patch to radiusd.c to solve my problem. That works. My question : my patch seems good or not ? *** freeradius-1.1.3/src/main/radiusd.c Tue May 16 18:26:07 2006 --- /root/FREERADIUS/freeradius-1.1.3/src/main/radiusd.cSat Jan 26 11:04:06 2008 *** *** 1585,1590 --- 1585,1595 int rcode; rcode = proxy_receive(request); switch (rcode) { + case RLM_MODULE_REJECT: + DEBUG2("Request %d rejected in proxy_receive.", request->number); + request_reject(request); + goto finished_request; + break; default: /* Don't Do Anything */ break; case RLM_MODULE_FAIL: Cheers. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_perl and RLM_MODULE_REJECT
Jean-Michel Caricand wrote: > Well. I made a lot of tests without success. I'm not yet able to REJECT a > request in a post_proxy function, but that works fine in a authorize > function. > > Does someone have ideas ? In 2.0, it looks like this isn't dealt with in src/main/event.c around line 1075. It's probably useful to add... Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_perl and RLM_MODULE_REJECT
Le vendredi 25 janvier 2008 12:55, Boian Jordanov a écrit : > Try with RLM_MODULE_FAIL in post_proxy > > > Best Regards, > Boian Jordanov > SNE > Orbitel - Next Generation Telecom > tel. +359 2 4004 723 > tel. +359 2 4004 002 > > On Jan 25, 2008, at 12:35 PM, Jean-Michel Caricand wrote: > >> doesn't make sense to use RLM_MODULE_REJECT in post_proxy. May be you > >> need pre_proxy ? > >> > >> From radius.conf file > >> > >> # > >> # When the server decides to proxy a request to a home server, > >> # the proxied request is first passed through the pre-proxy > >> # stage. This stage can re-write the request, or decide to > >> # cancel the proxy. > >> # > >> # Only a few modules currently have this method. > >> # > >> > >> > >> Best Regards, > >> Boian Jordanov > >> SNE > >> Orbitel - Next Generation Telecom > >> tel. +359 2 4004 723 > >> tel. +359 2 4004 002 > >> > >> On Jan 25, 2008, at 11:52 AM, Jean-Michel Caricand wrote: > >>> I have a question on rlm_perl and RLM_MODULE_REJECT. If in a > >>> function > >>> (post_proxy) I return RLM_MODULE_REJECT I can see this in log : > >> > >> - > >> List info/subscribe/unsubscribe? See > >> http://www.freeradius.org/list/users.html > > > > But I must check some attributes defined by my home server. I can't > > check > > them in pre_proxy because they are not set. No ? > > > > I want to reject the access if by example the Framed-IP-Address is > > not in > > a valid range. > > > > Thank. > > > > - > > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/ > > users.html > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html Well. I made a lot of tests without success. I'm not yet able to REJECT a request in a post_proxy function, but that works fine in a authorize function. Does someone have ideas ? -- Jean-Michel Caricand Tél: 03.81.66.20.63 E-mail: [EMAIL PROTECTED] Equipe systèmes Laboratoire d'Informatique de l'Université de Franche-Comté 16, route de Gray - 25030 BESANÇON CEDEX - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_perl and RLM_MODULE_REJECT
Le vendredi 25 janvier 2008 12:55, Boian Jordanov a écrit : > Try with RLM_MODULE_FAIL in post_proxy > > > Best Regards, > Boian Jordanov > SNE > Orbitel - Next Generation Telecom > tel. +359 2 4004 723 > tel. +359 2 4004 002 > > On Jan 25, 2008, at 12:35 PM, Jean-Michel Caricand wrote: > >> doesn't make sense to use RLM_MODULE_REJECT in post_proxy. May be you > >> need pre_proxy ? > >> > >> From radius.conf file > >> > >> # > >> # When the server decides to proxy a request to a home server, > >> # the proxied request is first passed through the pre-proxy > >> # stage. This stage can re-write the request, or decide to > >> # cancel the proxy. > >> # > >> # Only a few modules currently have this method. > >> # > >> > >> > >> Best Regards, > >> Boian Jordanov > >> SNE > >> Orbitel - Next Generation Telecom > >> tel. +359 2 4004 723 > >> tel. +359 2 4004 002 > >> > >> On Jan 25, 2008, at 11:52 AM, Jean-Michel Caricand wrote: > >>> I have a question on rlm_perl and RLM_MODULE_REJECT. If in a > >>> function > >>> (post_proxy) I return RLM_MODULE_REJECT I can see this in log : > >> > >> - > >> List info/subscribe/unsubscribe? See > >> http://www.freeradius.org/list/users.html > > > > But I must check some attributes defined by my home server. I can't > > check > > them in pre_proxy because they are not set. No ? > > > > I want to reject the access if by example the Framed-IP-Address is > > not in > > a valid range. > > > > Thank. > > > > - > > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/ > > users.html > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html With RLM_MODULE_FAIL, I get theses messages : modcall[post-proxy]: module "perl1" returns fail for request 0 modcall: leaving group post-proxy (returns fail) for request 0 Going to the next request Waking up in 6 seconds... rad_recv: Access-Request packet from host 127.0.0.1:42610, id=123, length=71 Discarding duplicate request from client localhost:42610 - ID: 123 due to unfinished request 0 --- Walking the entire request list --- Waking up in 28 seconds... rad_recv: Access-Request packet from host 127.0.0.1:42610, id=123, length=71 Discarding duplicate request from client localhost:42610 - ID: 123 due to unfinished request 0 --- Walking the entire request list --- Waking up in 25 seconds... -- Jean-Michel Caricand Tél: 03.81.66.20.63 E-mail: [EMAIL PROTECTED] Equipe systèmes Laboratoire d'Informatique de l'Université de Franche-Comté 16, route de Gray - 25030 BESANÇON CEDEX - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_perl and RLM_MODULE_REJECT
Try with RLM_MODULE_FAIL in post_proxy Best Regards, Boian Jordanov SNE Orbitel - Next Generation Telecom tel. +359 2 4004 723 tel. +359 2 4004 002 On Jan 25, 2008, at 12:35 PM, Jean-Michel Caricand wrote: doesn't make sense to use RLM_MODULE_REJECT in post_proxy. May be you need pre_proxy ? From radius.conf file # # When the server decides to proxy a request to a home server, # the proxied request is first passed through the pre-proxy # stage. This stage can re-write the request, or decide to # cancel the proxy. # # Only a few modules currently have this method. # Best Regards, Boian Jordanov SNE Orbitel - Next Generation Telecom tel. +359 2 4004 723 tel. +359 2 4004 002 On Jan 25, 2008, at 11:52 AM, Jean-Michel Caricand wrote: I have a question on rlm_perl and RLM_MODULE_REJECT. If in a function (post_proxy) I return RLM_MODULE_REJECT I can see this in log : - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html But I must check some attributes defined by my home server. I can't check them in pre_proxy because they are not set. No ? I want to reject the access if by example the Framed-IP-Address is not in a valid range. Thank. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/ users.html - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_perl and RLM_MODULE_REJECT
> doesn't make sense to use RLM_MODULE_REJECT in post_proxy. May be you > need pre_proxy ? > > From radius.conf file > > # > # When the server decides to proxy a request to a home server, > # the proxied request is first passed through the pre-proxy > # stage. This stage can re-write the request, or decide to > # cancel the proxy. > # > # Only a few modules currently have this method. > # > > > Best Regards, > Boian Jordanov > SNE > Orbitel - Next Generation Telecom > tel. +359 2 4004 723 > tel. +359 2 4004 002 > > > > > On Jan 25, 2008, at 11:52 AM, Jean-Michel Caricand wrote: > >> I have a question on rlm_perl and RLM_MODULE_REJECT. If in a function >> (post_proxy) I return RLM_MODULE_REJECT I can see this in log : > > - > List info/subscribe/unsubscribe? See > http://www.freeradius.org/list/users.html > But I must check some attributes defined by my home server. I can't check them in pre_proxy because they are not set. No ? I want to reject the access if by example the Framed-IP-Address is not in a valid range. Thank. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: rlm_perl and RLM_MODULE_REJECT
doesn't make sense to use RLM_MODULE_REJECT in post_proxy. May be you need pre_proxy ? From radius.conf file # # When the server decides to proxy a request to a home server, # the proxied request is first passed through the pre-proxy # stage. This stage can re-write the request, or decide to # cancel the proxy. # # Only a few modules currently have this method. # Best Regards, Boian Jordanov SNE Orbitel - Next Generation Telecom tel. +359 2 4004 723 tel. +359 2 4004 002 On Jan 25, 2008, at 11:52 AM, Jean-Michel Caricand wrote: I have a question on rlm_perl and RLM_MODULE_REJECT. If in a function (post_proxy) I return RLM_MODULE_REJECT I can see this in log : - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html