return code of "session" section ignored?
Milan Holub
holub at thenet.ch
Thu May 3 13:26:47 CEST 2007
Hi Alan,
probably another bug report:
in my radiusd.conf:
...
session {
reject
}
...
and when authenticating some user:
2007-05-03 12:57:50.210429500 modcall[authenticate]: module "perl" returns ok for request 4
2007-05-03 12:57:50.210432500 modcall: group PERL returns ok for request 4
2007-05-03 12:57:50.210434500 Processing the session section of radiusd.conf
2007-05-03 12:57:50.210436500 modcall: entering group session for request 4
2007-05-03 12:57:50.210451500 modcall[session]: module "reject" returns reject for request 4
2007-05-03 12:57:50.210453500 modcall: group session returns reject for request 4
2007-05-03 12:57:50.210456500 Login OK: [skzxtz/xtbsjs] (from client localhost port 5281)
2007-05-03 12:57:50.210458500 Processing the post-auth section of radiusd.conf
2007-05-03 12:57:50.210460500 modcall: entering group post-auth for request 4
As you can see "group session" returned REJECT but the user is accepted!
Is it a bug or a feature? Or am I missing something?
I've discovered this when having:
...
session {
sql {
fail = reject
}
}
...
I'm using checkrad to query NAS about the user. By above I wanted to
assure that when the checkrad fails(eg. because of firewall) then by
default we assume that the user is logged in...
Please advise.
PS: Observed on cvs head from Apr 30 but I've checked changes since
then and I do not think this was fixed.
Milan Holub
holub (at) thenet (dot) ch
--------------------------------------
TheNet-Internet Services AG,
im Bernertechnopark, Morgenstr. 129
CH-3018, Bern, Switzerland
031 998 4333, Fax 031 998 4330
http://www.thenet.ch
http://wlan.thenet.ch
--------------------------------------
More information about the Freeradius-Users
mailing list