Access-Reject in a php script

manIP manvoip at gmail.com
Fri Oct 26 14:21:41 CEST 2007


Hi all,

Thanks again!
I've tried to put return(2) and it does not work because my client receives
an Access-Accept.
If I leave exit(2), the server does not send anything, so the client falls into a
timeout. The user will not have access, but he will make many attempts as
long as he does not receive an Access-Reject packet. Furthermore, he needs
to know what is going on...
BTW, I'm using the "NTRadPing Test Utility" client.

Hereunder is the debug output:
Module: Instantiated realm (suffix)
 exec: wait = yes
 exec: program = "/home/authentication.php"
 exec: input_pairs = "request"
 exec: output_pairs = "reply"
 exec: packet_type = "Access-Request"
Module: Instantiated exec (myauth)
Module: Instantiated files (files)
 exec: wait = yes
 exec: program = "/home/accounting.php"
 exec: input_pairs = "request"
 exec: output_pairs = "reply"
 exec: packet_type = "Accounting-Request"
Module: Instantiated exec (myacct)


rad_recv: Access-Request packet from host x.x.x.x:2658, id=49, length=58
        User-Name = "xxx"
        User-Password = "xxx"
  Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
  modcall[authorize]: module "preprocess" returns ok for request 0
  modcall[authorize]: module "chap" returns noop for request 0
  modcall[authorize]: module "mschap" returns noop for request 0
    rlm_realm: Looking up realm "xxx" for User-Name = "xxx"
    rlm_realm: No such realm "xxxx"
  modcall[authorize]: module "suffix" returns noop for request 0
  rlm_eap: No EAP-Message, not doing EAP
  modcall[authorize]: module "eap" returns noop for request 0
Exec-Program output:
Exec-Program: returned: 2
rlm_exec (myauth): External script failed
  modcall[authorize]: module "myauth" returns fail for request 0
modcall: leaving group authorize (returns fail) for request 0
Finished request 0
Going to the next request
--- Walking the entire request list ---
Waking up in 6 seconds...
rad_recv: Access-Request packet from host xxxxx, id=49, length=58
Discarding duplicate request from client xxxx - ID: 49
--- Walking the entire request list ---
Waking up in 2 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 49 with timestamp 4721d900
Nothing to do.  Sleeping until we see a request.

Thank you very much anyway!

Patric wrote:
> > Something just occurred to me that I don't think I tried before.
> > What happens if instead of doing an
> >
> > exit(2);
> >
> > you do a
> >
> > return(2);
> >
> > This way your script will still exit clean, so freeradius won't pick it
> > up as a script failure, but hopefully will still get the result?
>
>   No.  If the script succeeds, the output is either a text message, or
> RADIUS attributes that go into an Access-Accept.
>
>   If the script fails, the server sends an Access-Reject.
>
>   Stop playing games with PHP and post the output of "radiusd -X".  I'll
> bet money that the solution is right there in the debug output.
>
>   Alan DeKok.
>
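An added example, not part of the original post or of FreeRADIUS: a small parser for `radiusd -X` output in the format shown above that lists requests which finished with no reply logged, and names the module whose return code ended the section. The `Sending ...` line format, the function names and the second request in the sample are assumptions.

```python
import re
# Line shapes below are copied from the radiusd -X output in this post.
MODULE_RE = re.compile(r'modcall\[(\w+)\]: module "([^"]+)" returns (\w+) for request (\d+)')
GROUP_RE = re.compile(r"modcall: leaving group (\w+) \(returns (\w+)\) for request (\d+)")
EXEC_RE = re.compile(r"Exec-Program: returned: (-?\d+)")
FINISHED_RE = re.compile(r"Finished request (\d+)")
# Assumption: a reply is logged as "Sending <type> of id <n> ..."; the post shows no such line.
SENDING_RE = re.compile(r"Sending (Access-\w+) of id \d+")

def new_request():
    return {"modules": [], "group": None, "exec_status": None, "reply": None}

def summarize(debug_text):
    """Map request number -> what the debug output recorded before 'Finished request N'."""
    finished, cur = {}, new_request()
    for line in debug_text.splitlines():
        if m := MODULE_RE.search(line):
            cur["modules"].append((m[2], m[3]))      # (module name, return code)
        elif m := GROUP_RE.search(line):
            cur["group"] = (m[1], m[2])              # (section, section result)
        elif m := EXEC_RE.search(line):
            cur["exec_status"] = int(m[1])           # exit status of the external script
        elif m := SENDING_RE.search(line):
            cur["reply"] = m[1]
        elif m := FINISHED_RE.search(line):
            finished[int(m[1])], cur = cur, new_request()
    return finished

def silent_requests(finished):
    """Requests with no reply logged, and the last module whose code matches the section result."""
    report = []
    for num, req in sorted(finished.items()):
        if req["reply"] is None and req["group"]:
            culprit = next((mod for mod, code in reversed(req["modules"]) if code == req["group"][1]), None)
            report.append((num, req["group"][0], req["group"][1], culprit, req["exec_status"]))
    return report

# Request 0 lines come from the post; request 1 is constructed for contrast.
SAMPLE = """\
  modcall[authorize]: module "preprocess" returns ok for request 0
Exec-Program: returned: 2
  modcall[authorize]: module "myauth" returns fail for request 0
modcall: leaving group authorize (returns fail) for request 0
Finished request 0
  modcall[authorize]: module "myauth" returns ok for request 1
modcall: leaving group authorize (returns ok) for request 1
Sending Access-Accept of id 50 to x.x.x.x port 2658
Finished request 1
"""
```

Calling `silent_requests(summarize(SAMPLE))` reports request 0 only: the authorize section returned fail via `myauth` after exit status 2, and no reply line follows.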