Run sql Module after exec in radpostauth

Muhammed Buvaydani muhammed.buvaydani at netcom.com.tr
Sat Oct 3 22:07:27 CEST 2020


many thanks for your reply , actually this is my  post auth config

post-auth {

exec

sql

Post-Auth-Type REJECT {


sql
                attr_filter.access_reject
     }


 }

and this the log when I do this configuration it is not run the SQL module after exec  in reject type


rlm_sql (sql): Released connection (0)
(0)     [sql] = ok
(0)     if (User-Name =~ /([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i) {
(0)     if (User-Name =~ /([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i)  -> FALSE
(0)     [pap] = updated
(0)   } # authorize = updated
(0) Found Auth-Type = PAP
(0) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(0)   Auth-Type PAP {
(0) pap: Login attempt with password
(0) pap: Comparing with "known good" Cleartext-Password
(0) pap: User authenticated successfully
(0)     [pap] = ok
(0)   } # Auth-Type PAP = ok
(0) # Executing section session from file /usr/local/etc/raddb/sites-enabled/default
(0)   session {
(0) sql: EXPAND %{User-Name}
(0) sql:    --> abhibose
(0) sql: SQL-User-Name set to 'abhibose'
rlm_sql (sql): Reserved connection (2)
(0) sql: EXPAND SELECT COUNT(*) FROM radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL
(0) sql:    --> SELECT COUNT(*) FROM radacct WHERE username = 'abhibose' AND acctstoptime IS NULL
(0) sql: Executing select query: SELECT COUNT(*) FROM radacct WHERE username = 'abhibose' AND acctstoptime IS NULL
rlm_sql (sql): Released connection (2)
(0)     [sql] = ok
(0)   } # session = ok
(0) # Executing section post-auth from file /usr/local/etc/raddb/sites-enabled/default
(0)   post-auth {
(0) exec: Executing: /usr/bin/php /var/www/html/cloudradius/captiveportal/auth_new.php "abhibose" "1234" "4e:f9:5e:77:0c:9a" "102" "103.200.57.138" "PPP"  "192.168.0.1"  "" "nas" :
(0) exec: ERROR: Program returned code (1) and output 'Reply-Message :="Your Account has been expired."'
(0)     [exec] = reject
(0)   } # post-auth = reject
(0) Delaying response for 1.000000 seconds
Waking up in 0.2 seconds.
Waking up in 0.7 seconds.
(0) Sending delayed response
(0) Sent Access-Reject Id 146 from 127.0.0.1:1812 to 127.0.0.1:54425 length 52
(0)   Reply-Message := "Your Account has been expired."
Waking up in 3.9 seconds.



[1562314050593]
________________________________
From: Alan DeKok <aland at deployingradius.com>
Sent: Saturday, October 3, 2020 7:22:29 PM
To: FreeRadius users mailing list
Cc: Muhammed Buvaydani
Subject: Re: Run sql Module after exec in radpostauth

On Oct 3, 2020, at 11:01 AM, Muhammed Buvaydani via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> I am using external php script for authentication which I configured in users file , the PHP script will return the reason of the reject and I want to save this reason in radpost auth table, the problem is if I set SQL module before exec and the user was accepted as PAP but rejected from my script then  the radpost auth will have access-accept even if he is rejected by my PHP script , this is the debug

  Move "sql" to after "exec" then.

> so if I put SQL module after exec , then the sqk will not run at all .

  Yes, you can also list "sql" in the "Post-Auth-Type Reject" section.  Which will log the reject.

  Alan DeKok.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: OutlookEmoji-156231405059350ac8ac1-ff26-45c7-a57a-6061bed125b1.png
Type: image/png
Size: 39094 bytes
Desc: OutlookEmoji-156231405059350ac8ac1-ff26-45c7-a57a-6061bed125b1.png
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20201003/506638a1/attachment-0007.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OutlookEmoji-1562314050593355e4337-349a-4499-9695-493ff83a52da.png
Type: image/png
Size: 39094 bytes
Desc: OutlookEmoji-1562314050593355e4337-349a-4499-9695-493ff83a52da.png
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20201003/506638a1/attachment-0008.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OutlookEmoji-156231405059369aa32a6-7616-491d-bf30-001f55854e52.png
Type: image/png
Size: 39094 bytes
Desc: OutlookEmoji-156231405059369aa32a6-7616-491d-bf30-001f55854e52.png
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20201003/506638a1/attachment-0009.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OutlookEmoji-1562314050593f57afc43-a901-4f72-bdbf-040d61354933.png
Type: image/png
Size: 39094 bytes
Desc: OutlookEmoji-1562314050593f57afc43-a901-4f72-bdbf-040d61354933.png
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20201003/506638a1/attachment-0010.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OutlookEmoji-1562314050593e3228467-5781-4f47-9088-12ca781ef10b.png
Type: image/png
Size: 39094 bytes
Desc: OutlookEmoji-1562314050593e3228467-5781-4f47-9088-12ca781ef10b.png
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20201003/506638a1/attachment-0011.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OutlookEmoji-15623140505939d31a6d4-df54-46dc-9ac5-1359cb5e8616.png
Type: image/png
Size: 39094 bytes
Desc: OutlookEmoji-15623140505939d31a6d4-df54-46dc-9ac5-1359cb5e8616.png
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20201003/506638a1/attachment-0012.png>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: OutlookEmoji-1562314050593d9f82ea2-a3af-4ad3-ae48-089a45f4e572.png
Type: image/png
Size: 39094 bytes
Desc: OutlookEmoji-1562314050593d9f82ea2-a3af-4ad3-ae48-089a45f4e572.png
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20201003/506638a1/attachment-0013.png>


More information about the Freeradius-Users mailing list