Use of sql module on proxy process inside authorize section..
Geaaru
geaaru at gmail.com
Thu Jun 11 18:23:24 CEST 2015
I'm trying to check username/password before proxy request in authorize
section and return a cursor with Auth-Type := Reject if user doesn't
exists. Freeradius version is 3.0.8.
I have a configuration like this:
authorize {
preprocess
suffix
sql
#if (notfound) {
# reject
#}
if (&Auth-Type == "Reject") {
reject
}
}
But it seems that Auth-Type item return by sql module is ignored. If I
add a python module that print all attributes after sql module I see
that Auth-Type attribute is not present. Is correct ? Auth-Type field
return by sql module is ignored inside a proxy process? Some thing if I
try to return Auth-Type Reject in authorize_reply query.
An alternative is return an empty cursor that generate a notfound
status of module, but I don't understand why Auth-Type field is not
propagate.
Logs:
Thu Jun 11 18:09:29 2015 : Debug: (0) sql: User found in radcheck table
Thu Jun 11 18:09:29 2015 : Debug: (0) sql: Conditional check items
matched, merging assignment check items
Thu Jun 11 18:09:29 2015 : Debug: (0) sql: Auth-Type := Reject
Thu Jun 11 18:09:29 2015 : Debug: rlm_sql (sql): Released connection
(4)
Thu Jun 11 18:09:29 2015 : Debug: (0) modsingle[authorize]:
returned from sql (rlm_sql) for request 0
Thu Jun 11 18:09:29 2015 : Debug: (0) [sql] = ok
Thu Jun 11 18:09:29 2015 : Debug: (0) modsingle[authorize]: calling
python (rlm_python) for request 0
...
Thu Jun 11 18:09:29 2015 : Debug: (0) if (&Auth-Type == "Reject") {
Thu Jun 11 18:09:29 2015 : ERROR: (0) Failed retrieving values
required to evaluate condition
Thu Jun 11 18:09:29 2015 : Debug: (0) } # authorize = updated
Thanks in advance
G.
More information about the Freeradius-Devel
mailing list