rlm_perl and RLM_MODULE_REJECT

Jean-Michel Caricand jean-michel.caricand at lifc.univ-fcomte.fr
Fri Jan 25 13:12:52 CET 2008


Le vendredi 25 janvier 2008 12:55, Boian Jordanov a écrit :
> Try with RLM_MODULE_FAIL in post_proxy
>
>
> Best Regards,
> Boian Jordanov
> SNE
> Orbitel - Next Generation Telecom
> tel. +359 2 4004 723
> tel. +359 2 4004 002
>
> On Jan 25, 2008, at 12:35 PM, Jean-Michel Caricand wrote:
> >> doesn't make sense to use RLM_MODULE_REJECT in post_proxy. May be you
> >> need pre_proxy ?
> >>
> >>  From radius.conf file
> >>
> >> #
> >> #  When the server decides to proxy a request to a home server,
> >> #  the proxied request is first passed through the pre-proxy
> >> #  stage.  This stage can re-write the request, or decide to
> >> #  cancel the proxy.
> >> #
> >> #  Only a few modules currently have this method.
> >> #
> >>
> >>
> >> Best Regards,
> >> Boian Jordanov
> >> SNE
> >> Orbitel - Next Generation Telecom
> >> tel. +359 2 4004 723
> >> tel. +359 2 4004 002
> >>
> >> On Jan 25, 2008, at 11:52 AM, Jean-Michel Caricand wrote:
> >>> I have a question on rlm_perl and RLM_MODULE_REJECT. If in a
> >>> function
> >>> (post_proxy) I return RLM_MODULE_REJECT I can see this in log :
> >>
> >> -
> >> List info/subscribe/unsubscribe? See
> >> http://www.freeradius.org/list/users.html
> >
> > But I must check some attributes defined by my home server. I can't
> > check
> > them in pre_proxy because they are not set. No ?
> >
> > I want to reject the access if by example the Framed-IP-Address is
> > not in
> > a valid range.
> >
> > Thank.
> >
> > -
> > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/
> > users.html
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html

With RLM_MODULE_FAIL, I get theses messages :

modcall[post-proxy]: module "perl1" returns fail for request 0
modcall: leaving group post-proxy (returns fail) for request 0
Going to the next request
Waking up in 6 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:42610, id=123, length=71
Discarding duplicate request from client localhost:42610 - ID: 123 due to 
unfinished request 0
--- Walking the entire request list ---
Waking up in 28 seconds...
rad_recv: Access-Request packet from host 127.0.0.1:42610, id=123, length=71
Discarding duplicate request from client localhost:42610 - ID: 123 due to 
unfinished request 0
--- Walking the entire request list ---
Waking up in 25 seconds...


-- 
Jean-Michel Caricand
Tél: 03.81.66.20.63
E-mail: jean-michel.caricand at lifc.univ-fcomte.fr

Equipe systèmes
Laboratoire d'Informatique de l'Université de Franche-Comté
16, route de Gray - 25030 BESANÇON CEDEX




More information about the Freeradius-Users mailing list