reply messages in access-reject

Hegedus Gabor hegedus.gabor at euroway.hu
Fri Mar 6 10:06:51 CET 2009


Hegedus Gabor wrote:
> Hi I have a question.
>
> How can I send attributes(for example reply-message, cvpn3000, ...) in 
> access-reject packet.
> I tried to put my exec to the post-auth section Post-Auth-Type 
> REJECT{}, but in this
> section radius dosen't send the attribs in the reject packet.
>
> Radius send only if i run the exec program in the files modul:
>
> DEFAULT NAS-Port-Type == "Virtual", Autz-Type = "LDAP"
>        exec-program-wait ="/usr/local/etc/raddb/scripts/vpn.php"
>
> debug:
>
> Using Post-Auth-Type Reject
> +- entering group REJECT {...}
> [attr_filter.access_reject]     expand: %{User-Name} -> test
> attr_filter: Matched entry DEFAULT at line 11
> ++[attr_filter.access_reject] returns updated
> ++? if (NAS-Port-Type=="Virtual")
> ? Evaluating (NAS-Port-Type=="Virtual") -> TRUE
> ++? if (NAS-Port-Type=="Virtual") -> TRUE
> ++- entering if (NAS-Port-Type=="Virtual") {...}
> [script-bad]    expand: %{User-Name} -> test
> [sctipt-bad]    expand: %{User-Password} -> test
> Exec-Program output: CVPN3000-IPSec-Banner2 = 'sorry',
> Exec-Program-Wait: value-pairs: CVPN3000-IPSec-Banner2 = 'sorry',
> Exec-Program: returned: 0
> +++[script-bad] returns ok
> ++- if (NAS-Port-Type=="Virtual") returns ok
> Delaying reject of request 7 for 1 seconds
> Going to the next request
> Waking up in 0.9 seconds.
> Sending delayed reject for request 7
> Sending Access-Reject of id 79 to 192.168.1.1 port 1147
> Waking up in 4.9 seconds.
> Cleaning up request 7 ID 79 with timestamp +388
> Ready to process requests.
>
>
> what is wrong?
> what is the solution?
>
>
> thank you!
> br
> Gabor
>
>
> -
> List info/subscribe/unsubscribe? See 
> http://www.freeradius.org/list/users.html
any idea?



More information about the Freeradius-Users mailing list