return code of "session" section ignored?

Milan Holub holub at thenet.ch
Thu May 3 13:26:47 CEST 2007


Hi Alan,

probably another bug report:

in my radiusd.conf:
...
session {
    reject
}
...

and when authenticating some user:

2007-05-03 12:57:50.210429500   modcall[authenticate]: module "perl" returns ok for request 4
2007-05-03 12:57:50.210432500 modcall: group PERL returns ok for request 4
2007-05-03 12:57:50.210434500   Processing the session section of radiusd.conf
2007-05-03 12:57:50.210436500 modcall:  entering group session for request 4
2007-05-03 12:57:50.210451500   modcall[session]: module "reject" returns reject for request 4
2007-05-03 12:57:50.210453500 modcall: group session returns reject for request 4
2007-05-03 12:57:50.210456500 Login OK: [skzxtz/xtbsjs] (from client localhost port 5281)
2007-05-03 12:57:50.210458500   Processing the post-auth section of radiusd.conf
2007-05-03 12:57:50.210460500 modcall:  entering group post-auth for request 4

As you can see "group session" returned REJECT but the user is accepted!

Is it a bug or a feature? Or am I missing something?

I've discovered this when having:
...
session {
    sql {
	fail = reject
    }
}
...

I'm using checkrad to query NAS about the user. By above I wanted to
assure that when the checkrad fails(eg. because of firewall) then by
default we assume that the user is logged in...

Please advise.

PS: Observed on cvs head from Apr 30 but I've checked changes since
then and I do not think this was fixed.


Milan Holub
holub (at) thenet (dot) ch

--------------------------------------
 TheNet-Internet Services AG,
 im Bernertechnopark, Morgenstr. 129
 CH-3018, Bern, Switzerland
 031 998 4333, Fax 031 998 4330
 http://www.thenet.ch
 http://wlan.thenet.ch
--------------------------------------





More information about the Freeradius-Users mailing list