post-auth module

Manuel Sánchez Cuenca msc at dif.um.es
Mon Oct 30 11:02:47 CET 2006 

Hello all.

I have developed a freeradius module which I want to be executed only 
after a successful authentication, therefore I have put it in the 
post-auth section.

But the problem is that the module is being execute two times. This is 
the freeradius log:

-------------------------------------------------------------------------------------------
  Processing the authenticate section of radiusd.conf
modcall: entering group authenticate for request 8
  rlm_eap: Request found, released from the list
  rlm_eap: EAP/mschapv2
  rlm_eap: processing type mschapv2
  rlm_eap: Freeing handler
  modcall[authenticate]: module "eap" returns ok for request 8
modcall: leaving group authenticate (returns ok) for request 8
  Processing the post-auth section of radiusd.conf
modcall: entering group post-auth for request 8
********************************** rlm_my_module 
********************************** *
  modcall[post-auth]: module "nassaml_authz" returns ok for request 8
modcall: leaving group post-auth (returns ok) for request 8
  PEAP: Tunneled authentication was successful.
  rlm_eap_peap: SUCCESS
  modcall[authenticate]: module "eap" returns handled for request 8
modcall: leaving group authenticate (returns handled) for request 8
*Sending Access-Challenge *of id 0 to 155.54.205.100 port 2048

.
.
.
  rlm_eap_peap: EAPTLS_OK
  rlm_eap_peap: Session established.  Decoding tunneled attributes.
  rlm_eap_peap: Received EAP-TLV response.
  rlm_eap_peap: Tunneled data is valid.
  rlm_eap_peap: Success
  rlm_eap: Freeing handler
  modcall[authenticate]: module "eap" returns ok for request 9
modcall: leaving group authenticate (returns ok) for request 9
  Processing the post-auth section of radiusd.conf
modcall: entering group post-auth for request 9
********************************** rlm_my_module 
***********************************
El usuario para autenticar es [lolo]
El servidor con el que comunicarnos es [155.54.205.229:5555]
La decision ha sido: 1
  modcall[post-auth]: module "nassaml_authz" returns ok for request 9
modcall: leaving group post-auth (returns ok) for request 9
*Sending Access-Accept* of id 0 to 155.54.205.100 port 2048

-------------------------------------------------------------------------------------------

I can't understand why, after execute the first time the post auth 
section, an access-challenge is sent, instead of an Access-Accept, such 
as in the second time this section is executed.

Can anybody help me?

Thanks in advance.

-- 
-----------------------------
Manuel Sanchez Cuenca
Departamento de Ingenieria de la Informacion y las Comunicaciones
Facultad de Informatica. Universidad de Murcia
Campus de Espinardo - 30080 Murcia (SPAIN)
Tel.: +34-968-364644    Fax: +34-968-364151
email: msc at dif.um.es  |  manuelsc at um.es
url: http://libra.inf.um.es/~lolo

More information about the Freeradius-Devel mailing list