External authentication and Reply-Message
Velikanov
alex at asu.farlep.net
Fri Jul 15 14:00:28 CEST 2005
GOOD DAY.
I use freeradius-snapshot-20050624.
I want to use external authentication.
My radiusd.conf:
........................
exec echo {
wait = yes
program = "/usr/local/etc/raddb/radius.auth"
input_pairs = request
output_pairs = reply
}
.........................
authorize {
.............
files
echo
sql
}
.........................
My users file:
DEFAULT Auth-Type := Accept
        Reply-Message = "`%{echo:/usr/local/etc/raddb/radius.auth}`"
My test program, named /usr/local/etc/raddb/radius.auth:
#!/bin/sh
echo "Reply-Message += You are already logged in"
exit 0
# end of program
The aim is to authenticate users under certain conditions, return "0" for
Accept, "1" for Reject, and return a certain value of Reply-Message.
When the program returns "0" - I DO see the value "You are already logged in",
BUT when the program returns "1" - I DO NOT see the value "You are already
logged in". I see Reply-Message = "``"
It is the OUTPUT of radiusd -X for exit 0
rad_recv: Access-Request packet from host 192.168.98.100 port 1030, id=48, length=58
User-Name = "morgan"
User-Password = "test"
NAS-IP-Address = 213.NNN.12.17
Framed-Protocol = PPP
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 0
modcall[authorize]: module "preprocess" returns ok for request 0
modcall[authorize]: module "chap" returns noop for request 0
rlm_realm: No '@' in User-Name = "morgan", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 0
users: Matched entry DEFAULT at line 1
radius_xlat: Running registered xlat function of module echo for string '/usr/local/etc/raddb/radius.auth'
rlm_exec (echo): Executing /usr/local/etc/raddb/radius.auth
Exec-Program output: Reply-Message += You are already logged in
Exec-Program-Wait: plaintext: Reply-Message += You are already logged in
Exec-Program: returned: 0
rlm_exec (echo): result 0
radius_xlat: '`Reply-Message += You are already logged in `'
modcall[authorize]: module "files" returns ok for request 0
Exec-Program output: Reply-Message += You are already logged in
Exec-Program-Wait: plaintext: Reply-Message += You are already logged in
Exec-Program: returned: 0
modcall[authorize]: module "echo" returns ok for request 0
radius_xlat: 'morgan'
rlm_sql (sql): sql_set_user escaped user --> 'morgan'
rlm_sql (sql): Reserving sql socket id: 13
radius_xlat: 'SELECT * FROM TABLE(CAST(INTERNET_SECURITY.CHECK_USER('morgan', '213.130.12.17','','') AS RAD_ROWS)) '
rlm_sql (sql): User found in radcheck table
radius_xlat: 'SELECT * FROM TABLE(CAST(INTERNET_SECURITY.REPLY_USER('morgan','213.130.12.17','PPP','Framed-User','', '','') AS RAD_ROWS)) '
rlm_sql (sql): Released sql socket id: 13
modcall[authorize]: module "sql" returns ok for request 0
modcall: leaving group authorize (returns ok) for request 0
rad_check_password: Found Auth-Type PAP
auth: type "PAP"
Processing the authenticate section of radiusd.conf
modcall: entering group PAP for request 0
rlm_pap: login attempt with password test
rlm_pap: Using clear text password.
rlm_pap: User authenticated succesfully
modcall[authenticate]: module "pap" returns ok for request 0
modcall: leaving group PAP (returns ok) for request 0
Processing the session section of radiusd.conf
modcall: entering group session for request 0
.......................................................................
modcall[post-auth]: module "sql" returns ok for request 0
modcall: leaving group post-auth (returns ok) for request 0
Sending Access-Accept of id 48 to 192.168.98.100 port 1030
Reply-Message = "`Reply-Message += You are already logged in\n`"
Framed-Compression = Van-Jacobson-TCP-IP
.........................................................................
I DO SEE the VALUE of ATTRIBUTE "Reply-Message"
It is the OUTPUT of radiusd -X for exit 1
rad_recv: Access-Request packet from host 192.168.98.100 port 1030, id=58, length=58
User-Name = "morgan"
User-Password = "test"
NAS-IP-Address = 213.NNN.12.17
Framed-Protocol = PPP
Processing the authorize section of radiusd.conf
modcall: entering group authorize for request 2
modcall[authorize]: module "preprocess" returns ok for request 2
modcall[authorize]: module "chap" returns noop for request 2
rlm_realm: No '@' in User-Name = "morgan", looking up realm NULL
rlm_realm: No such realm "NULL"
modcall[authorize]: module "suffix" returns noop for request 2
users: Matched entry DEFAULT at line 1
radius_xlat: Running registered xlat function of module echo for string '/usr/local/etc/raddb/radius.auth'
rlm_exec (echo): Executing /usr/local/etc/raddb/radius.auth
Exec-Program output: Reply-Message += You are already logged in
Exec-Program-Wait: plaintext: Reply-Message += You are already logged in
Exec-Program: returned: 1
rlm_exec (echo): result 1
radius_xlat: '``'
modcall[authorize]: module "files" returns ok for request 2
Exec-Program output: Reply-Message += You are already logged in
Exec-Program-Wait: plaintext: Reply-Message += You are already logged in
Exec-Program: returned: 1
modcall[authorize]: module "echo" returns reject for request 2
modcall: leaving group authorize (returns reject) for request 2
Invalid user: [morgan/test] (from client apus_old port 0)
Delaying request 2 for 1 seconds
Finished request 2
Going to the next request
--- Walking the entire request list ---
Waking up in 1 seconds...
--- Walking the entire request list ---
Sending Access-Reject of id 58 to 192.168.98.100 port 1030
Reply-Message = "``"
Waking up in 4 seconds...
I DO NOT SEE the VALUE of ATTRIBUTE "Reply-Message"
WHERE IS MY MISTAKE(S)?
THANKS.
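
An added example, not part of the original post: a small parser for `radiusd -X` output in the format shown above that pairs each request's rlm_exec exit code with the Reply-Message finally sent, and lists the requests where a non-zero exit coincided with an empty message. The sample log is constructed by condensing the two traces in the post; the function names are hypothetical.

```python
import re

RECV = re.compile(r"^rad_recv: Access-Request packet .*\bid=(\d+),")
EXEC = re.compile(r"^rlm_exec \(\w+\): result (-?\d+)")
XLAT = re.compile(r"^radius_xlat:\s+'(.*)'$")
SEND = re.compile(r"^Sending (Access-\w+) of id (\d+) ")
REPLY = re.compile(r'^\s*Reply-Message = "(.*)"$')

# Constructed sample: the two traces from the post, condensed to the relevant lines.
SAMPLE = r"""rad_recv: Access-Request packet from host 192.168.98.100 port 1030, id=48, length=58
rlm_exec (echo): result 0
radius_xlat: '`Reply-Message += You are already logged in `'
Sending Access-Accept of id 48 to 192.168.98.100 port 1030
    Reply-Message = "`Reply-Message += You are already logged in\n`"
rad_recv: Access-Request packet from host 192.168.98.100 port 1030, id=58, length=58
rlm_exec (echo): result 1
radius_xlat: '``'
Sending Access-Reject of id 58 to 192.168.98.100 port 1030
    Reply-Message = "``"
"""

def correlate(log):
    """One record per request: exec exit code, expanded string, reply sent."""
    records, by_id, cur, sent, after_exec = [], {}, None, None, False
    for line in log.splitlines():
        if m := RECV.match(line):
            cur = {"id": int(m.group(1)), "exit": None, "xlat": None,
                   "response": None, "reply_message": None}
            records.append(cur)
            by_id[cur["id"]] = cur  # packet ids are reused; keep the latest
            sent, after_exec = None, False
        elif (m := EXEC.match(line)) and cur is not None:
            cur["exit"], after_exec = int(m.group(1)), True
        elif (m := XLAT.match(line)) and after_exec:
            cur["xlat"], after_exec = m.group(1), False
        elif m := SEND.match(line):
            sent = by_id.get(int(m.group(2)))  # a reject may be sent after a delay
            if sent is not None:
                sent["response"] = m.group(1)
        elif (m := REPLY.match(line)) and sent is not None:
            sent["reply_message"] = m.group(1)
    return records

def lost_messages(records):
    """Ids where the program exited non-zero and Reply-Message went out empty."""
    return [r["id"] for r in records
            if r["exit"] not in (None, 0) and r["reply_message"] is not None
            and r["reply_message"].strip("` ") == ""]
```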