refresh variable after exec module

bLn pruebasradius at gmail.com
Thu Jun 4 18:33:11 CEST 2009


Ok, I'm back with another cuestion.

now, if I put the variable in this way, I send the Reply-Message (pepe) 
with Access-Reject connections
update reply {
           Reply-Message := "pepe"
       }

Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> Copazo24 at prueba.com
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
++[reply] returns updated

Sending Access-Reject of id 46 to 192.168.1.10 port 32925
        Reply-Message = "pepe"


but if I wanna update it with a variable that I got from external script 
and I put this:
      update reply {
           Reply-Message := "%{reply:Reply-Message}"

+- entering group post-auth {...}
[exec]  expand: %{User-Name} -> Copazo24 at prueba.com
[exec]  expand: %{Reply-Message} ->
Exec-Program output: VALOR 1(Username) ES Copazo24 at prueba.com El usuario 
ya esta cnectado  El usuario ya esta conectado
Exec-Program-Wait: plaintext: VALOR 1(Username) ES Copazo24 at prueba.com 
El usuario ya esta cnectado  El usuario ya esta conectado
Exec-Program: returned: 255
++[exec] returns fail
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject]     expand: %{User-Name} -> Copazo24 at prueba.com
 attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
        expand: %{reply:Reply-Message} -> NULL
++[reply] returns updated

Is it correct this way? Reply-Message := "%{reply:Reply-Message}"

thanks


bLn escribió:
> Good morning,
>
> I back with the same problem.
>
> I've seeing past post for last week but I have any wrong because those 
> solutions don't work for me.
>
> I have a script in exec module which set 2 values: Session-Timeout if 
> everything is correct for each user and it calculate his remaining 
> time to connect, and Reply-Message if there is any problem, to show 
> this message to the user
>
> I've seen these values are cached before when mysql runs the queries 
> to radcheck, radgroupchek, radreply, etc...in authtorize section and 
> when I execute my script in post-auth module the new values aren't 
> replaced and sent together with Access-Accept or Access-Reject
>
> I've done an update in post-auth section, like you said in last posts, 
> in two different modes:
>
> first example:
>    Post-Auth-Type REJECT {
>        attr_filter.access_reject
>        update outer.reply {
>            Reply-Message := "%{reply:Reply-Message}"
>        }
>        sql
>        reply_log
>    }
>
>
> Second example:
>
>    Post-Auth-Type REJECT {
>        attr_filter.access_reject
>        update outer.reply {
>            Reply-Message := "pepe"
>        }
>        sql
>        reply_log
>    }
>
> I've set Reply-Message := "pepe" to try without a variable but 
> unsuccessfully because I'm not sure if I've set the variable 
> correctly  but if I put the value of variable and this is not send 
> neither it is because my value is not replaced by the before one, ok? 
> why?
>
>
> Post-Auth section
>
> post-auth {
>    #  Get an address from the IP Pool.
> #    main_pool
>    #
>    #  If you want to have a log of authentication replies,
>    #  un-comment the following line, and the 'detail reply_log'
>    #  section, above.
>    reply_log
>    #
>    #  After authenticating the user, do another SQL query.
>    #
>    #  See "Authentication Logging Queries" in sql.conf
>    sql
>    #
>    #  Instead of sending the query to the SQL server,
>    #  write it into a log file.
>    #
>    sql_log
>    #
>    #  Un-comment the following if you have set
>    #  'edir_account_policy_check = yes' in the ldap module sub-section of
>    #  the 'modules' section.
>    #
> #    ldap
>    exec
>    update outer.reply {
>        Session-Timeout:="%{reply:Session-Timeout}"
>    }
>    #
>    #  Access-Reject packets are sent through the REJECT sub-section of 
> the
>    #  post-auth section.
>    #
>    #  Add the ldap module name (or instance) if you have set
>    #  'edir_account_policy_check = yes' in the ldap module configuration
>    #
>    Post-Auth-Type REJECT {
>        attr_filter.access_reject
>        update outer.reply {
>            Reply-Message := "pepe"
>        }
>        sql
>        reply_log
>    }
> }
>
>
> I try with "update reply" too. I don't understand the different 
> between both modes. Can you say me where I can read the neccesary doc 
> to find this difference?
>
> thanks in advance and I'm sorry to repeat this issue again
> -
> List info/subscribe/unsubscribe? See 
> http://www.freeradius.org/list/users.html
>



More information about the Freeradius-Users mailing list