<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2//EN">
<HTML>
<HEAD>
<META HTTP-EQUIV="Content-Type" CONTENT="text/html; charset=us-ascii">
<META NAME="Generator" CONTENT="MS Exchange Server version 6.5.7638.1">
<TITLE>module-failure-message in exec module</TITLE>
</HEAD>
<BODY>
<!-- Converted from text/rtf format -->
<P DIR=LTR><SPAN LANG="en-gb"><FONT FACE="Calibri">Hi all,</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-gb"><FONT FACE="Calibri"> Trying to use the provided ntlm_auth exec module to authenticate users where the NAS uses pap, which works fine. I just want to improve my error reporting and pick up the return string from the failure of the module</FONT></SPAN><SPAN LANG="en-gb"><FONT FACE="Calibri">, .e.g –</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-gb"><FONT FACE="Calibri">Exec plaintext: NT_STATUS_WRONG_PASSWORD: Wrong Password (0xc000006a)</FONT></SPAN><SPAN LANG="en-gb"></SPAN></P>
<P DIR=LTR><SPAN LANG="en-gb"><FONT FACE="Calibri">Looking around on the internet it seems I might use something like:</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-gb"><FONT FACE="Calibri">Auth-Type NTLM_AUTH {</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-gb"><FONT FACE="Calibri"> ntlm_auth</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-gb"><FONT FACE="Calibri"> if (ok) {</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-gb"><FONT FACE="Calibri"> }</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-gb"><FONT FACE="Calibri"> else {</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-gb"><FONT FACE="Calibri"> update reply {</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-gb"><FONT FACE="Calibri"> reply-message += "%{Module-Failure-Message}"</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-gb"><FONT FACE="Calibri"> }</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-gb"><FONT FACE="Calibri"> }</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-gb"><FONT FACE="Calibri"> }</FONT></SPAN><SPAN LANG="en-gb"></SPAN></P>
<P DIR=LTR><SPAN LANG="en-gb"><FONT FACE="Calibri">But the else statement never seems to get processed :</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-gb"><FONT FACE="Calibri">Exec output: NT_STATUS_WRONG_PASSWORD: Wrong Password (0xc000006a)</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-gb"><FONT FACE="Calibri">Exec plaintext: NT_STATUS_WRONG_PASSWORD: Wrong Password (0xc000006a)</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-gb"><FONT FACE="Calibri">[ntlm_auth] Exec: program returned: 1</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-gb"><FONT FACE="Calibri">++[ntlm_auth] returns reject</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-gb"><FONT FACE="Calibri">Using Post-Auth-Type REJECT</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-gb"><FONT FACE="Calibri"># Executing group from file /usr/local/etc/raddb/sites-enabled/default</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-gb"><FONT FACE="Calibri">+- entering group REJECT {...}</FONT></SPAN><SPAN LANG="en-gb"></SPAN></P>
<P DIR=LTR><SPAN LANG="en-gb"><FONT FACE="Calibri">Questions are – does th</FONT></SPAN><SPAN LANG="en-gb"><FONT FACE="Calibri">e</FONT></SPAN><SPAN LANG="en-gb"><FONT FACE="Calibri"></FONT></SPAN><SPAN LANG="en-gb"> <FONT FACE="Calibri">exec</FONT></SPAN><SPAN LANG="en-gb"> <FONT FACE="Calibri">module return</FONT></SPAN><SPAN LANG="en-gb"> <FONT FACE="Calibri">to the</FONT></SPAN><SPAN LANG="en-gb"> <FONT FACE="Calibri">Module-Failure-Message</FONT></SPAN><SPAN LANG="en-gb"> <FONT FACE="Calibri">variable or another I can use, and why doesn’t it process the subsection of the auth-type section on failure?</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-gb"></SPAN></P>
<P DIR=LTR><SPAN LANG="en-gb"><FONT FACE="Calibri">Thanks</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-gb"><FONT FACE="Calibri">Andy</FONT></SPAN></P>
<P DIR=LTR><SPAN LANG="en-gb"></SPAN></P>
</BODY>
</HTML>