Access-Reject in a php script
manIP
manvoip at gmail.com
Sun Oct 28 13:19:06 CET 2007
Hi,
Have you found any solutions to that problem?
I'm waiting for an answer before modifying the source code...
Maybe there is a bug and the official source code should be modified as
Patric did.
Cheers!
Khalid :)
> Hi all,
>
> Thanks again!
> I've tried to put return(2) and it does not work because my client receives
> an Access-Accept.
> If I leave exit(2), the server does not send anything so the client falls into
> a timeout. The user will not have access but he will make many attempts as
> long as he does not receive an Access-Reject packet. Furthermore, he needs
> to know what is going on...
> BTW, I'm using the "NTRadPing Test Utility" client.
>
> Hereunder is the debug output:
> Module: Instantiated realm (suffix)
> exec: wait = yes
> exec: program = "/home/authentication.php"
> exec: input_pairs = "request"
> exec: output_pairs = "reply"
> exec: packet_type = "Access-Request"
> Module: Instantiated exec (myauth)
> Module: Instantiated files (files)
> exec: wait = yes
> exec: program = "/home/accounting.php"
> exec: input_pairs = "request"
> exec: output_pairs = "reply"
> exec: packet_type = "Accounting-Request"
> Module: Instantiated exec (myacct)
>
>
> rad_recv: Access-Request packet from host x.x.x.x:2658, id=49, length=58
> User-Name = "xxx"
> User-Password = "xxx"
> Processing the authorize section of radiusd.conf
> modcall: entering group authorize for request 0
> modcall[authorize]: module "preprocess" returns ok for request 0
> modcall[authorize]: module "chap" returns noop for request 0
> modcall[authorize]: module "mschap" returns noop for request 0
> rlm_realm: Looking up realm "xxx" for User-Name = "xxx"
> rlm_realm: No such realm "xxxx"
> modcall[authorize]: module "suffix" returns noop for request 0
> rlm_eap: No EAP-Message, not doing EAP
> modcall[authorize]: module "eap" returns noop for request 0
> Exec-Program output:
> Exec-Program: returned: 2
> rlm_exec (myauth): External script failed
> modcall[authorize]: module "myauth" returns fail for request 0
> modcall: leaving group authorize (returns fail) for request 0
> Finished request 0
> Going to the next request
> --- Walking the entire request list ---
> Waking up in 6 seconds...
> rad_recv: Access-Request packet from host xxxxx, id=49, length=58
> Discarding duplicate request from client xxxx - ID: 49
> --- Walking the entire request list ---
> Waking up in 2 seconds...
> --- Walking the entire request list ---
> Cleaning up request 0 ID 49 with timestamp 4721d900
> Nothing to do. Sleeping until we see a request.
>
> Thank you very much anyway!
>
> Patric wrote:
> > > Something just occurred to me that I don't think I tried before.
> > > What happens if instead of doing an
> > >
> > > exit(2);
> > >
> > > you do a
> > >
> > > return(2);
> > >
> > > This way your script will still exit clean, so freeradius won't pick it
> > > up as a script failure, but hopefully will still get the result?
> >
> > No. If the script succeeds, the output is either a text message, or
> > RADIUS attributes that go into an Access-Accept.
> >
> > If the script fails, the server sends an Access-Reject.
> >
> > Stop playing games with PHP and post the output of "radiusd -X". I'll
> > bet money that the solution is right there in the debug output.
> >
> > Alan DeKok.
> >
>
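
Added example (not part of the original thread): a small Python check that scans "radiusd -X" debug output like the log quoted above and reports requests that were cleaned up without any reply being sent, which is the client-timeout behaviour described in the message. The sample log is constructed from the quoted lines; request 1 and the "Sending Access-Accept of id ..." reply-line format are assumptions that do not appear in the quoted output.

```python
import re

# Constructed sample: request 0 mirrors the debug output quoted in the thread;
# request 1 and its "Sending ..." reply line are assumed for contrast.
SAMPLE = """\
> rad_recv: Access-Request packet from host x.x.x.x:2658, id=49, length=58
> modcall: entering group authorize for request 0
> Exec-Program: returned: 2
> rlm_exec (myauth): External script failed
> modcall[authorize]: module "myauth" returns fail for request 0
> modcall: leaving group authorize (returns fail) for request 0
> Finished request 0
> Discarding duplicate request from client xxxx - ID: 49
> Cleaning up request 0 ID 49 with timestamp 4721d900
> rad_recv: Access-Request packet from host x.x.x.x:2659, id=50, length=58
> modcall: leaving group authorize (returns ok) for request 1
> Sending Access-Accept of id 50 to x.x.x.x port 2659
> Cleaning up request 1 ID 50 with timestamp 4721d901
"""

RE_MODULE = re.compile(r'modcall\[(\w+)\]: module "([^"]+)" returns fail for request (\d+)')
RE_REPLY = re.compile(r'Sending Access-\w+ of id (\d+)')  # assumed reply format
RE_DUP = re.compile(r'Discarding duplicate request from client .* - ID: (\d+)')
RE_CLEAN = re.compile(r'Cleaning up request (\d+) ID (\d+)')

def find_unanswered(log_text):
    """Return one dict per request that was cleaned up with no reply sent."""
    failed = {}      # request number -> (section, module) that returned fail
    replied = set()  # packet ids for which a reply line was seen
    retries = {}     # packet id -> number of duplicate (retransmitted) requests
    findings = []
    for raw in log_text.splitlines():
        line = raw.lstrip("> ")  # tolerate mail-quoted log lines
        if m := RE_MODULE.search(line):
            failed[int(m.group(3))] = (m.group(1), m.group(2))
        elif m := RE_REPLY.search(line):
            replied.add(int(m.group(1)))
        elif m := RE_DUP.search(line):
            pid = int(m.group(1))
            retries[pid] = retries.get(pid, 0) + 1
        elif m := RE_CLEAN.search(line):
            req, pid = int(m.group(1)), int(m.group(2))
            if pid not in replied:
                findings.append({"request": req, "id": pid,
                                 "failed_module": failed.get(req),
                                 "client_retries": retries.get(pid, 0)})
            replied.discard(pid)  # packet ids are reused, so reset state
            retries.pop(pid, None)
    return findings
```
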