session {} not running second module

Matt Nelson - Silverark matt.nelson at silverark.co.uk
Thu Mar 16 20:08:05 CET 2017 

Hello all,

I've been using FreeRadius for years, but have only started to try 
developing for it using Python. I've hit an issue with Simultaneous 
Users.

I am trying to run two modules in the session {} but only the first 
module is running and then is exiting out. I have written my own python 
module, and if it is called the SQL module is no longer called after it. 
The python module checks to see if it's a mac authentication request, 
and alters the user-name that was passed through. It doesn't seem to 
make a difference whether I return OK, fail, updated or handled from the 
python module it simply marks the section as 'ok' and gives me access.

Here is my session section from the config where I have tried to use the 
'group'

session {

         #
         # Run the simultanious users check through python first to see 
if the mac address needs updating.
         #

         group {
                 python {
                         fail = 1
                 }

                 if(config:User-Name) {
                         update request {
                                 User-Name := config:User-Name
                         }
                 }

                 sql

         }
}

Here is an 'ok' output from python which goes on to send a 
accept-accept.

(0)   session {
*** Supafi Python Sim User Check  ***
Updated the username!
checksimul - 'config:User-Name' = 'matt.nelson at silverark.co.uk'
(0)     [python] = ok
(0)   } # session = ok


Here is a session in a group which returns fail, but which doesn’t call 
the sql modules afterwards


(0)   session {
(0)     group {
*** Supafi Python Sim User Check  ***
Updated the username!
checksimul - 'config:User-Name' = 'matt.nelson at silverark.co.uk'
(0)       [python] = fail
(0)       if (config:User-Name) {
(0)       if (config:User-Name)  -> TRUE
(0)       if (config:User-Name)  {
(0)         update request {
(0)           User-Name := config:User-Name -> 
'matt.nelson at silverark.co.uk'
(0)         } # update request = noop
(0)       } # if (config:User-Name)  = noop
(0)     } # group = noop
(0)   } # session = noop


The SQL module does work correctly for simultaneous users, but if I 
stick my python one in from of it is stops working. The above works fine 
in the 'authorize' and 'accounting' sections. In those it lets me update 
the username and then it continues into the other modules. I can provide 
my python code if needed, but I suspect it's something simple that I'm 
missing!

So my two questions are:
     1. How do I get the SQL module to run after calling Python
     2. How can I get the session section to return a reject from result 
of the python module, as I've tested all the return codes and they all 
just allow access.

Thanks for your help.

Kind Regards, Matt

More information about the Freeradius-Devel mailing list