Determining which module caused a reject

Jack Smith jcksmth1978 at gmail.com
Wed Apr 15 10:21:12 CEST 2009


Hi

I am running freeradius 2.1.4. Alan has mentioned that unlang logic
should be restricted to Post-Auth (afterall, that is what it is there
for). In order for me to do this, I need to know in the Post-Auth-Type
REJECT which module caused the reject.

Currently, I can do this in the authentication section quite easily:

authenticate {
        Auth-Type PAP {
                pap {
                        ok = return
                        reject = 1
                }

                if (reject) {
                        update reply {
                                Reply-Message := "Incorrect password
for %{User-Name}"
                        }
                }
        }

        Auth-Type CHAP {
                chap {
                        ok = return
                        reject = 1
                }

                if (reject) {
                        update reply {
                                Reply-Message := "Incorrect password
for %{User-Name}"
                        }
                }
        }

}

But as I said, I would like to move this logic to the Post-Auth-Type
Reject. It is not only Auth-Type PAP or CHAP which can cause a reject,
my SQL module can also cause a reject. Hence I cannot use the
following logic (lets assume we used PAP authentication) in the
Post-Auth-Type REJECT:

Post-Auth-Type REJECT {
 if (pap) {
 }
}

The reason why I cannot use the above is because in the scenario when
a user is successfully authenticated using PAP, but the SQL module
rejects him (lets say due to lack of credit), the above if statement
will evaluate to true.

To summarise once again: How can I obtain which module caused the
reject in the Post-Auth-Type REJECT?

Thanks in advance



More information about the Freeradius-Users mailing list