Possible bug in configurable failover
Brian Candler
B.Candler at pobox.com
Tue Mar 15 09:44:22 CET 2011
Alan DeKok wrote:
> The "update" section should behave identically to the "if".
It doesn't at the moment.
Version 1 policy.conf:
testing_module {
if (1) {
update reply {
Reply-Message += "Foo"
}
}
if (1) {
update reply {
Reply-Message += "Bar"
}
}
ok
}
Results:
$ bin/radtest steve badpass localhost 1 testing123
Sending Access-Request of id 69 to 127.0.0.1 port 1812
User-Name = "steve"
User-Password = "badpass"
NAS-IP-Address = 127.0.0.1
NAS-Port = 1
rad_recv: Access-Reject packet from host 127.0.0.1 port 1812, id=69, length=25
Reply-Message = "Foo"
$
Version 2 policy.conf:
testing_module {
#if (1) {
update reply {
Reply-Message += "Foo"
}
#}
#if (1) {
update reply {
Reply-Message += "Bar"
}
#}
ok
}
Results:
$ bin/radtest steve badpass localhost 1 testing123
Sending Access-Request of id 33 to 127.0.0.1 port 1812
User-Name = "steve"
User-Password = "badpass"
NAS-IP-Address = 127.0.0.1
NAS-Port = 1
rad_recv: Access-Accept packet from host 127.0.0.1 port 1812, id=33, length=81
Service-Type = Framed-User
Framed-Protocol = PPP
Framed-IP-Address = 172.16.3.33
Framed-IP-Netmask = 255.255.255.0
Framed-Routing = Broadcast-Listen
Filter-Id = "std.ppp"
Framed-MTU = 1500
Framed-Compression = Van-Jacobson-TCP-IP
Reply-Message = "Foo"
Reply-Message = "Bar"
$
So: without the 'ifs', the three sections are run sequentially (update,
update, ok). With the 'ifs', only the first section is run.
Authenticate section has:
Auth-Type PAP {
pap {
ok = return
reject = 1
}
testing_module
}
Regards,
Brian.
More information about the Freeradius-Devel
mailing list