refresh variable after exec module

bLn pruebasradius at gmail.com
Tue Jun 2 13:21:55 CEST 2009


Good morning,

I am back with the same problem.

I've looked at the past posts from last week, but I have something wrong because those 
solutions don't work for me.

I have a script in the exec module which sets 2 values: Session-Timeout, if 
everything is correct for each user (it calculates his remaining time 
to connect), and Reply-Message, if there is any problem, to show this 
message to the user.

I've seen that these values are cached earlier, when mysql runs the queries to 
radcheck, radgroupcheck, radreply, etc. in the authorize section, and when I 
execute my script in the post-auth module the new values aren't replaced and 
sent together with Access-Accept or Access-Reject.

I've done an update in the post-auth section, like you said in the last posts, 
in two different ways:

First example:
    Post-Auth-Type REJECT {
        attr_filter.access_reject
        update outer.reply {
            Reply-Message := "%{reply:Reply-Message}"
        }
        sql
        reply_log
    }


Second example:

    Post-Auth-Type REJECT {
        attr_filter.access_reject
        update outer.reply {
            Reply-Message := "pepe"
        }
        sql
        reply_log
    }

I've set Reply-Message := "pepe" to try without a variable, but 
unsuccessfully. I did this because I'm not sure if I've set the variable correctly, 
but if I put in the value of the variable directly and this is not sent either, it is 
because the previous value is not replaced by mine, ok? Why?


Post-Auth section

post-auth {
    #  Get an address from the IP Pool.
#    main_pool
    #
    #  If you want to have a log of authentication replies,
    #  un-comment the following line, and the 'detail reply_log'
    #  section, above.
    reply_log
    #
    #  After authenticating the user, do another SQL query.
    #
    #  See "Authentication Logging Queries" in sql.conf
    sql
    #
    #  Instead of sending the query to the SQL server,
    #  write it into a log file.
    #
    sql_log
    #
    #  Un-comment the following if you have set
    #  'edir_account_policy_check = yes' in the ldap module sub-section of
    #  the 'modules' section.
    #
#    ldap
    exec
    update outer.reply {
        Session-Timeout:="%{reply:Session-Timeout}"
    }
    #
    #  Access-Reject packets are sent through the REJECT sub-section of the
    #  post-auth section.
    #
    #  Add the ldap module name (or instance) if you have set
    #  'edir_account_policy_check = yes' in the ldap module configuration
    #
    Post-Auth-Type REJECT {
        attr_filter.access_reject
        update outer.reply {
            Reply-Message := "pepe"
        }
        sql
        reply_log
    }
}


I tried with "update reply" too. I don't understand the difference between 
both modes. Can you tell me where I can read the necessary doc to find 
this difference?

Thanks in advance, and I'm sorry to repeat this issue again.


