reply messages in access-reject

Hegedus Gabor hegedus.gabor at euroway.hu
Wed Mar 4 16:25:55 CET 2009


Hi I have a question.

How can I send attributes(for example reply-message, cvpn3000, ...) in 
access-reject packet.
I tried to put my exec to the post-auth section Post-Auth-Type REJECT{}, 
but in this
section radius dosen't send the attribs in the reject packet.

Radius send only if i run the exec program in the files modul:

DEFAULT NAS-Port-Type == "Virtual", Autz-Type = "LDAP"
        exec-program-wait ="/usr/local/etc/raddb/scripts/vpn.php"

debug:

Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> test
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
++? if (NAS-Port-Type=="Virtual")
? Evaluating (NAS-Port-Type=="Virtual") -> TRUE
++? if (NAS-Port-Type=="Virtual") -> TRUE
++- entering if (NAS-Port-Type=="Virtual") {...}
[script-bad]    expand: %{User-Name} -> test
[sctipt-bad]    expand: %{User-Password} -> test
Exec-Program output: CVPN3000-IPSec-Banner2 = 'sorry',
Exec-Program-Wait: value-pairs: CVPN3000-IPSec-Banner2 = 'sorry',
Exec-Program: returned: 0
+++[script-bad] returns ok
++- if (NAS-Port-Type=="Virtual") returns ok
Delaying reject of request 7 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 7
Sending Access-Reject of id 79 to 192.168.1.1 port 1147
Waking up in 4.9 seconds.
Cleaning up request 7 ID 79 with timestamp +388
Ready to process requests.


what is wrong?
what is the solution?


thank you!
br
Gabor





More information about the Freeradius-Users mailing list