Access-Reject in a php script
Patric
patrict at bluebottle.com
Fri Oct 26 12:02:51 CEST 2007
Alan DeKok wrote:
> Patric wrote:
>> Something just occurred to me that I dont think I tried before.
>> What happens if instead of doing an
>>
>> exit(2);
>>
>> you do a
>>
>> return(2);
>>
>> This way your script will still exit clean, so freeradius wont pick it
>> up as a script failure, but hopefully will still get the result?
>
> No. If the script succeeds, the output is either a text message, or
> RADIUS attributes that go into an Access-Accept.
>
> If the script fails, the server sends an Access-Reject.
>
> Stop playing games with PHP and post the output of "radiusd -X". I'll
> bet money that the solution is right there in the debug output.
According to the code you are 100% correct :
result = radius_exec_program(inst->program, request,
inst->wait, NULL, 0,
in, &answer);
if (result != 0) {
radlog(L_ERR, "rlm_exec (%s): External script failed",
inst->xlat_name);
return RLM_MODULE_FAIL;
}
For some reason I could not get freeradius to return an access-reject
before the request timed out, even when I set "reject_delay = 0"
I think I understand you now, and that is where my problem lay - I
should have figured out why the reject was not being sent back in time,
instead of changing the code?
Is that right?
--
Q: I want to be a sysadmin. What should I do?
A: Seek professional help.
----------------------------------------------------------------------
Get a free email account with anti spam protection.
http://www.bluebottle.com/tag/2
More information about the Freeradius-Users
mailing list