I'm using FreeRADIUS 2.1.10 and I have a problem updating the reply.<br><br>When I use EAP-TTLS-PAP, I have this configuration in inner-tunnel:<br><br>post-auth {<br> sql{<br> fail=1<br> }<br> if (fail) {<br>
update reply {<br> Codigo-Reject = Imposible-Contactar-Backend<br> }<br> reply_log<br> reject<br> }<br> else{<br> reply_log<br> }<br>}<br><br>and this configuration in outer-tunnel:<br>
<br>post-auth {<br>...<br><br> Post-Auth-Type REJECT {<br> update reply {<br> Codigo-Reject = Credenciales-Erroneas<br> }<br> sql{<br> fail=1<br> }<br>...<br>}<br clear="all"><br>If MySQL is down, post-auth in inner-tunnel sets Codigo-Reject = Imposible-Contactar-Backend<br>
<br>Post-Auth-Type REJECT doesn't have to update the reply because I'm using the "=" operator<br><br>But Post-Auth-Type REJECT sets Codigo-Reject to Credenciales-Erroneas.<br><br>Debug log:<br><br># Executing section post-auth from file /etc/freeradius/sites-enabled/<div id=":1lo">
inner-tunnel<br>
+- entering group post-auth {...}<br>[sql] expand: %{Stripped-User-Name} -> 02747632<br>[sql] expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} -> 02747632<br>[sql] sql_set_user escaped user --> '02747632'<br>
[sql] expand: INSERT INTO radpostauth (username, mac, client, reply, authdate,codreject,radauth)
VALUES ( LOWER('%{User-Name}'),
LOWER('%i'), '%C', '%{reply:Packet-Type}', NOW(), '%{reply:Codigo-Reject}','radius') -> INSERT INTO radpostauth (username, mac, client, reply, authdate,codreject,radauth)
VALUES ( LOWER('02747632'),
LOWER('66:77:99:B1:A0:2F'), 'PA', 'Access-Accept', NOW(), '','radius')<br>
rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, mac, client, reply, authdate,codreject,radauth)
VALUES ( LOWER('02747632'),
LOWER('66:77:99:B1:A0:2F'), 'PA', 'Access-Accept', NOW(), '','radius')<br>
rlm_sql (sql): Ignoring unconnected handle 3..<br>rlm_sql (sql): Ignoring unconnected handle 2..<br>rlm_sql (sql): Ignoring unconnected handle 1..<br>rlm_sql (sql): Ignoring unconnected handle 0..<br>rlm_sql (sql): Ignoring unconnected handle 4..<br>
++[sql] returns fail<br>++? if (fail)<br>? Evaluating (fail) -> TRUE<br>++? if (fail) -> TRUE<br>++- entering if (fail) {...}<br>+++[reply] returns fail<br>[reply_log] expand: /var/log/freeradius/radacct/%Y/%m/%d/%{Client-IP-Address}-reply-detail-%Y%m%d -> /var/log/freeradius/radacct/2012/03/23/10.253.40.43-reply-detail-20120323<br>
[reply_log] /var/log/freeradius/radacct/%Y/%m/%d/%{Client-IP-Address}-reply-detail-%Y%m%d expands to /var/log/freeradius/radacct/2012/03/23/10.253.40.43-reply-detail-20120323<br>[reply_log] expand: %t -> Fri Mar 23 11:59:41 2012<br>
+++[reply_log] returns ok<br>+++[reject] returns reject<br>++- if (fail) returns reject<br>} # server inner-tunnel<br>[ttls] Got tunneled reply code 3<br> Relaciones = "03"<br> Nombre-Completo = "MARCOS"<br>
Codigo-Reject = Imposible-Contactar-Backend<br>[ttls] Got tunneled Access-Reject<br>[eapeduroam] Handler failed in EAP/ttls<br>[eapeduroam] Failed in EAP select<br>++[eapeduroam] returns invalid<br>Failed to authenticate the user.<br>
} # server eduroam<br>Using Post-Auth-Type Reject<br># Executing group from file /etc/freeradius/sites-enabled/eduroam<br>+- entering group REJECT {...}<br>++[reply] returns noop<br>[sql] expand: %{Stripped-User-Name} -> 02747632<br>
[sql] expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} -> 02747632<br>[sql] sql_set_user escaped user --> '02747632'<br>[sql] expand: INSERT INTO radpostauth (username, mac, client, reply, authdate,codreject,radauth)
VALUES ( LOWER('%{User-Name}'),
LOWER('%i'), '%C', '%{reply:Packet-Type}', NOW(), '%{reply:Codigo-Reject}','radius') -> INSERT INTO radpostauth (username, mac, client, reply, authdate,codreject,radauth)
VALUES ( LOWER('02747632'),
LOWER('66:77:99:B1:A0:2F'), 'PA', 'Access-Reject', NOW(), 'Credenciales-Erroneas','radius')<br>
rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, mac, client, reply, authdate,codreject,radauth)
VALUES ( LOWER('02747632'),
LOWER('66:77:99:B1:A0:2F'), 'PA', 'Access-Reject', NOW(), 'Credenciales-Erroneas','radius')<br>
rlm_sql (sql): Ignoring unconnected handle 3..<br>rlm_sql (sql): Ignoring unconnected handle 2..<br>rlm_sql (sql): Ignoring unconnected handle 1..<br>rlm_sql (sql): Ignoring unconnected handle 0..<br>rlm_sql (sql): Ignoring unconnected handle 4..<br>
++[sql] returns fail<br><br><br>I don't know what I'm doing wrong :(<br><br>I would like to know what this means:<br><br>[eapeduroam] Handler failed in EAP/ttls<br>
[eapeduroam] Failed in EAP select<br>
++[eapeduroam] returns invalid<br><br>And, the last thing, can I do:<br><br># inner-tunnel<br><br>post-auth {<br> sql{<br> fail=1<br> }<br> if (fail) {<br> update reply {<br> Codigo-Reject = Imposible-Contactar-Backend<br>
<b> Packet-Type := Access-Reject</b><br> }<br> reply_log<br> reject<br> }<br>}<br><br>Thank you very much and sorry for my English.<br><br>::::::::::::::::::::::::::::::::::::<br>:: Ana Gallardo Gómez ::<br>
::::::::::::::::::::::::::::::::::::</div>
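
To compare what each virtual server's sql post-auth call wrote, this added example (not part of the original post and not FreeRADIUS code) parses debug output in the format quoted above. The function name `trace_postauth` and the condensed sample log are assumptions made for illustration.

```python
import re

# Constructed sample: debug lines condensed from the radiusd -X output in the post.
SAMPLE_LOG = """\
# Executing section post-auth from file /etc/freeradius/sites-enabled/inner-tunnel
rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, mac, client, reply, authdate,codreject,radauth)
VALUES ( LOWER('02747632'),
LOWER('66:77:99:B1:A0:2F'), 'PA', 'Access-Accept', NOW(), '','radius')
++[sql] returns fail
+++[reply] returns fail
# Executing group from file /etc/freeradius/sites-enabled/eduroam
++[reply] returns noop
rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, mac, client, reply, authdate,codreject,radauth)
VALUES ( LOWER('02747632'),
LOWER('66:77:99:B1:A0:2F'), 'PA', 'Access-Reject', NOW(), 'Credenciales-Erroneas','radius')
"""

SERVER_RE = re.compile(r"^# Executing (?:section|group) .*from file \S*/([^/\s]+)$")
MODULE_RE = re.compile(r"^\++\[(\w+)\] returns \w+$")
# Tail of the VALUES list on this page: '<reply>', NOW(), '<codreject>', '<radauth>')
FIELDS_RE = re.compile(r"'([^']*)',\s*NOW\(\),\s*'([^']*)',\s*'[^']*'\)\s*$")

def trace_postauth(log_text):
    """One record per sql_postauth query: the virtual server that ran it, the
    modules that had already returned in that section, and the values logged."""
    records, server, ran_before, query = [], None, [], None
    for line in log_text.splitlines():
        line = line.strip()
        if query is not None:                       # continuation of a multi-line query
            query += " " + line
        elif "sql_postauth: query is" in line:
            query = line.split("query is", 1)[1]
        if query is not None:
            # Assumption: the statement is complete once VALUES(...) has balanced parentheses.
            if "VALUES" in query and query.count("(") == query.count(")"):
                m = FIELDS_RE.search(query)
                if m:
                    records.append({"server": server, "reply": m.group(1),
                                    "codreject": m.group(2), "ran_before": list(ran_before)})
                query = None
            continue
        m = SERVER_RE.match(line)
        if m:                                       # a new virtual-server section starts
            server, ran_before = m.group(1), []
            continue
        m = MODULE_RE.match(line)
        if m:                                       # e.g. "++[reply] returns noop" (update reply)
            ran_before.append(m.group(1))
    return records
```

On the sample, the inner-tunnel record has an empty `codreject` and nothing in `ran_before`, because its sql call is logged before `update reply` runs; the eduroam record lists `reply` as already run when its query is built.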