<html>
<head>
<meta content="text/html; charset=UTF-8" http-equiv="Content-Type">
</head>
<body text="#000000" bgcolor="#FFFFFF">
<div class="moz-cite-prefix">Hello,<br>
<br>
I've made some additional investigation and it seems, the problem
is only present when request is rejected in post-auth section.<br>
<br>
Any cue how to overcome this.<br>
<br>
I need to reject requests based on some attributes received from
proxied response. But the same code is also used when no proxying
is performed.<br>
<br>
Any suggestions ?<br>
I'm not as fluent in C programing to debug the code and locate the
problem. Besides I even don't know if it is a bug or planned
feature.<br>
<br>
Could some please point the part of code where to look for the
issue ?<br>
<br>
<br>
W dniu 2014-11-27 15:49, Wiesław Bieniek pisze:<br>
</div>
<blockquote cite="mid:54773A02.1020706@comarch.com" type="cite">
<meta http-equiv="content-type" content="text/html; charset=UTF-8">
Hello,<br>
<br>
I've used default server configured as follows:<br>
post-auth { <br>
# my module decides to allow or reject request<br>
rtdps2<br>
<br>
Post-Auth-Type REJECT {<br>
<br>
attr_filter.access_reject<br>
}<br>
<br>
}<br>
<br>
When I run this on 2.2.0 I got debug:<br>
<br>
Thu Nov 27 14:28:44 2014 : Info: ++[rtdps2] returns reject<br>
Thu Nov 27 14:28:44 2014 : Info: Using Post-Auth-Type REJECT<br>
Thu Nov 27 14:28:44 2014 : Info: # Executing group from file
../etc/raddb/sites-enabled/default<br>
Thu Nov 27 14:28:44 2014 : Info: +- entering group REJECT {...}<br>
Thu Nov 27 14:28:44 2014 : Info: [attr_filter.access_reject]
expand: %{User-Name} -> testing<br>
Thu Nov 27 14:28:44 2014 : Debug: attr_filter: Matched entry
DEFAULT at line 11<br>
Thu Nov 27 14:28:44 2014 : Info: ++[attr_filter.access_reject]
returns updated<br>
Sending Access-Reject of id 80 to 192.168.1.4 port 33304<br>
Cisco-AVPair := "h323-return-code=8"<br>
<br>
Which is correct, but when I run it in 2.2.6 I got:<br>
<br>
Thu Nov 27 14:19:35 2014 : Info: ++[rtdps2] = reject<br>
Thu Nov 27 14:19:35 2014 : Info: +} # group post-auth = reject<br>
Sending Access-Reject of id 186 to 192.168.1.4 port 49975<br>
Service-Type = 0<br>
Framed-Protocol = 0<br>
Cisco-AVPair := "h323-return-code=8"<br>
Thu Nov 27 14:19:35 2014 : Info: Finished request 0.<br>
<br>
Which is wrong, because attributes was not filtered out.<br>
<br>
Am I missing something ?<br>
Is this a bug ?<br>
What to do to make version 2.2.6 to work the same way 2.2.0 does ?<br>
<br>
<br>
<br>
<div class="moz-signature">Regards- <br>
<span style="font-family: Arial, Helvetica, sans-serif;
font-size: 9pt; color: #4d4d4d;"> <strong>Wiesław Bieniek</strong><br>
<br>
</span></div>
<br>
<fieldset class="mimeAttachmentHeader"></fieldset>
<br>
<pre wrap="">-
List info/subscribe/unsubscribe? See <a class="moz-txt-link-freetext" href="http://www.freeradius.org/list/users.html">http://www.freeradius.org/list/users.html</a></pre>
</blockquote>
<br>
<br>
<div class="moz-signature">-- <br>
<span style="font-family: Arial, Helvetica, sans-serif; font-size:
9pt; color: #4d4d4d;">
<strong>Wiesław Bieniek</strong><br>
Projektant Telco BSS R&D<br>
<br>
tel. +48 12 646 12 66<br>
website: <a href="http://www.comarch.pl">www.comarch.pl</a>
</span></div>
</body>
</html>