Simple question about adding own attribute to proxy reply

Valeriy V. Peshkoff peshkoff at gmail.com
Wed Jul 27 13:27:55 CEST 2005


Nicolas Baradakis пишет:

>Valeriy V. Peshkoff wrote:
>
>  
>
>>Using attr_rewrite i can add reply-message to any packet.
>>But i want add Reply-Message only to the Access-Reject packet or use
>>different Reply-Message to Accept and Reject. How can i do it?
>>    
>>
>
>See http://www.freeradius.org/radiusd/doc/Post-Auth-Type
>
>  
>
Can you help me giving example on how to do it?

I have this in radius.conf

post-auth {
Post-Auth-Type REJECT {
Reply-Message
}
}

When i create
attr_rewrite Reply-Message {
attribute = Reply-Message
# may be "packet", "reply", "proxy", "proxy_reply" or "config"
searchin = proxy_reply
searchfor = "[+ ]"
replacewith = "Not allowed here"
ignore_case = no
new_attribute = yes
max_matches = 10
## If set to yes then the replace string will be appended to the 
original string
append = no
}

I see in log

rad_recv: Access-Reject packet from host 172.16.180.6:1645, id=1, length=20
Processing the post-proxy section of radiusd.conf
modcall: entering group post-proxy for request 1
radius_xlat: '60'
rlm_attr_rewrite: Added attribute Idle-Timeout with value '60'
modcall[post-proxy]: module "Idle-Timeout" returns ok for request 1
radius_xlat: '60'
rlm_attr_rewrite: Added attribute Acct-Interim-Interval with value '60'
modcall[post-proxy]: module "Acct-Interim-Interval" returns ok for request 1
radius_xlat: '1'
rlm_attr_rewrite: Added attribute Class with value '1'
modcall[post-proxy]: module "Class" returns ok for request 1
modcall[post-proxy]: module "eap" returns noop for request 1
modcall: group post-proxy returns ok for request 1
Login incorrect (Home Server says so): [quantumw/quant] (from client 
peshkoff.quantum.ru port 0)
Processing the post-auth section of radiusd.conf
modcall: entering group Post-Auth-Type for request 1
radius_xlat: 'Not allowed here'
rlm_attr_rewrite: Added attribute Reply-Message with value 'Not allowed 
here'
modcall[post-auth]: module "Reply-Message" returns ok for request 1
modcall: group Post-Auth-Type returns ok for request 1
Delaying request 1 for 1 seconds
Finished request 1
Going to the next request
Waking up in 3 seconds...
--- Walking the entire request list ---
Cleaning up request 0 ID 15 with timestamp 42e771e5
Sending Access-Reject of id 16 to 192.168.18.77:1103
Waking up in 3 seconds...

But i don't see Replay-Message in my radius client (NTradping)

-- 
Russia,  St. Petersburg
Quantum Communications
Valeriy V. Peshkov | simps at quantum.ru
+7 (812) 327-6131
+7 (812) 327-1442


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 3174 bytes
Desc: S/MIME Cryptographic Signature
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20050727/2f231271/attachment.bin>


More information about the Freeradius-Users mailing list