Output of exec module

Dom Latter freeradius-users at latter.org
Thu Apr 25 16:16:47 CEST 2019


On 23/04/2019 13:45, Alan DeKok wrote:
> On Apr 23, 2019, at 8:20 AM, Dom Latter <freeradius-users at latter.org> wrote:
>>
>> We are using the exec module [1]:
>> https://networkradius.com/doc/3.0.10/raddb/mods-available/exec.html
>>
>> In some circumstances we will reject a user even though they have
>> authenticated.  So we send a return code of 1.
>>
>> But this appears in radius./log as an error.  Looking at src/main/exec.c
>> I find these lines:
>>
>> if ((status != 0) || (ret < 0)) {
>>   RERROR("Program returned code (%d) and output '%s'", status, answer);
>>
>> so I am guessing this is essentially as designed.  Is that right?
> 
>    Yes.
> 

Unfortunately this *seems* to prevent the linelog from working.  Pretty 
sure it used not to behave like this - originally *all* of our
authentication went via the external script and we've always relied on
the line log to provide diagnostic info to the tech support people.


More information about the Freeradius-Users mailing list