Use of sql module on proxy process inside authorize section..

Geaaru geaaru at gmail.com
Thu Jun 11 18:49:22 CEST 2015


My fault.
I can see Auth-Type through control list with
if ("%{Control:Auth-Type}" == "Reject") {
        reject
}
G,
On Thu, 2015-06-11 at 18:23 +0200, Geaaru wrote:
> I'm trying to check username/password before proxy request in
> authorize section and return a cursor with Auth-Type := Reject if
> user doesn't exists. Freeradius version is 3.0.8.
> 
> I have a configuration like this:
> 
>         > authorize {
> 
>         >       > preprocess
>         >       > suffix
> 
>         >       > sql
> 
>         >       > #if (notfound) {
>         >       > #>    > reject
>         >       > #}
> 
>         >       > if (&Auth-Type == "Reject") {
>         >       >       > reject
>         >       > }
>         }
> 
> But it seems that Auth-Type item return by sql module is ignored. If
> I add a python module that print all attributes after sql module I
> see that Auth-Type attribute is not present. Is correct ? Auth-Type
> field return by sql module is ignored inside a proxy process? Some
> thing if I try to return Auth-Type Reject in authorize_reply query.
> 
> An alternative is return an empty cursor that generate a notfound
> status of module, but I don't understand why Auth-Type field is not
> propagate.
> 
> Logs:
> 
> Thu Jun 11 18:09:29 2015 : Debug: (0) sql: User found in radcheck
> table
> Thu Jun 11 18:09:29 2015 : Debug: (0) sql: Conditional check items
> matched, merging assignment check items
> Thu Jun 11 18:09:29 2015 : Debug: (0) sql:   Auth-Type := Reject
> Thu Jun 11 18:09:29 2015 : Debug: rlm_sql (sql): Released connection
> (4)
> Thu Jun 11 18:09:29 2015 : Debug: (0)     modsingle[authorize]:
> returned from sql (rlm_sql) for request 0
> Thu Jun 11 18:09:29 2015 : Debug: (0)     [sql] = ok
> Thu Jun 11 18:09:29 2015 : Debug: (0)     modsingle[authorize]:
> calling python (rlm_python) for request 0
> ...
> Thu Jun 11 18:09:29 2015 : Debug: (0)     if (&Auth-Type == "Reject")
> {
> Thu Jun 11 18:09:29 2015 : ERROR: (0)     Failed retrieving values
> required to evaluate condition
> Thu Jun 11 18:09:29 2015 : Debug: (0)   } # authorize = updated
> 
> Thanks in advance
> 
> G.


More information about the Freeradius-Devel mailing list