<div><div><br>Hi all,<br><br>Thanks again!<br>I've tried to put return(2) and it does not work because my client receives an Access-Accept.<br>If I let exit(2), the server does not send anything so the client fall in time out. The user will not have access but he will make many attempts as long as he does not receive an Access-Reject packet.
Furthermore, he needs to know what is going on...<br>BTW, I'm using the "NTRadPing Test Utility" client.<br><br>hereunder is the output debug:<br>Module: Instantiated realm (suffix) <br> exec: wait = yes<br>
exec: program = "/home/authentication.php"<br> exec: input_pairs = "request"<br> exec: output_pairs = "reply"<br> exec: packet_type = "Access-Request"<br>Module: Instantiated exec (myauth)
<br>Module: Instantiated files (files) <br> exec: wait = yes<br> exec: program = "/home/accounting.php"<br> exec: input_pairs = "request"<br> exec: output_pairs = "reply"<br> exec: packet_type = "Accounting-Request"
<br>Module: Instantiated exec (myacct) <br><br><br>rad_recv: Access-Request packet from host x.x.x.x:2658, id=49, length=58<br> User-Name = "xxx"<br> User-Password = "xxx"<br> Processing the authorize section of
radiusd.conf<br>modcall: entering group authorize for request 0<br> modcall[authorize]: module "preprocess" returns ok for request 0<br> modcall[authorize]: module "chap" returns noop for request 0<br>
modcall[authorize]: module "mschap" returns noop for request 0<br> rlm_realm: Looking up realm "xxx" for User-Name = "xxx"<br> rlm_realm: No such realm "xxxx"<br> modcall[authorize]: module "suffix" returns noop for request 0
<br> rlm_eap: No EAP-Message, not doing EAP<br> modcall[authorize]: module "eap" returns noop for request 0<br>Exec-Program output: <br>Exec-Program: returned: 2<br>rlm_exec (myauth): External script failed<br>
modcall[authorize]: module "myauth" returns fail for request 0<br>modcall: leaving group authorize (returns fail) for request 0<br>Finished request 0<br>Going to the next request<br>--- Walking the entire request list ---
<br>Waking up in 6 seconds...<br>rad_recv: Access-Request packet from host xxxxx, id=49, length=58<br>Discarding duplicate request from client xxxx - ID: 49<br>--- Walking the entire request list ---<br>Waking up in 2 seconds...
<br>--- Walking the entire request list ---<br>Cleaning up request 0 ID 49 with timestamp 4721d900<br>Nothing to do. Sleeping until we see a request.<br><br>Thank you very much anyway!<br> </div><br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
Patric wrote:<br>> Something just occurred to me that I dont think I tried before.
<br>> What happens if instead of doing an<br>><br>> exit(2);<br>><br>> you do a<br>><br>> return(2);<br>><br>> This way your script will still exit clean, so freeradius wont pick it<br>> up as a script failure, but hopefully will still get the result?
<br><br> No. If the script succeeds, the output is either a text message, or<br>RADIUS attributes that go into an Access-Accept.<br><br> If the script fails, the server sends an Access-Reject.<br><br> Stop playing games with PHP and post the output of "radiusd -X". I'll
<br>bet money that the solution is right there in the debug output.<br><br> Alan DeKok.<br><br><br>------------------------------<br><br>-<br>List info/subscribe/unsubscribe? See <a href="http://www.freeradius.org/list/users.html" target="_blank" onclick="return top.js.OpenExtLink(window,event,this)">
http://www.freeradius.org/list/users.html</a><br><br><br>End of Freeradius-Users Digest, Vol 30, Issue 97<br>************************************************<br></blockquote></div><br>