Access-Reject in a php script

Patric patrict at
Fri Oct 26 12:02:51 CEST 2007

Alan DeKok wrote:
> Patric wrote:
>> Something just occurred to me that I dont think I tried before.
>> What happens if instead of doing an
>> exit(2);
>> you do a
>> return(2);
>> This way your script will still exit clean, so freeradius wont pick it
>> up as a script failure, but hopefully will still get the result?
>   No.  If the script succeeds, the output is either a text message, or
> RADIUS attributes that go into an Access-Accept.
>   If the script fails, the server sends an Access-Reject.
>   Stop playing games with PHP and post the output of "radiusd -X".  I'll
> bet money that the solution is right there in the debug output.

According to the code you are 100% correct :

         result = radius_exec_program(inst->program, request,
                                      inst->wait, NULL, 0,
                                      in, &answer);
         if (result != 0) {
                 radlog(L_ERR, "rlm_exec (%s): External script failed",
                 return RLM_MODULE_FAIL;

For some reason I could not get freeradius to return an access-reject 
before the request timed out, even when I set "reject_delay = 0"

I think I understand you now, and that is where my problem lay - I 
should have figured out why the reject was not being sent back in time, 
instead of changing the code?

Is that right?


Q: I want to be a sysadmin.  What should I do?

A: Seek professional help.

Get a free email account with anti spam protection.

More information about the Freeradius-Users mailing list