reply messages in access-reject
Hegedus Gabor
hegedus.gabor at euroway.hu
Wed Mar 4 16:25:55 CET 2009
Hi I have a question.
How can I send attributes(for example reply-message, cvpn3000, ...) in
access-reject packet.
I tried to put my exec to the post-auth section Post-Auth-Type REJECT{},
but in this
section radius dosen't send the attribs in the reject packet.
Radius send only if i run the exec program in the files modul:
DEFAULT NAS-Port-Type == "Virtual", Autz-Type = "LDAP"
exec-program-wait ="/usr/local/etc/raddb/scripts/vpn.php"
debug:
Using Post-Auth-Type Reject
+- entering group REJECT {...}
[attr_filter.access_reject] expand: %{User-Name} -> test
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
++? if (NAS-Port-Type=="Virtual")
? Evaluating (NAS-Port-Type=="Virtual") -> TRUE
++? if (NAS-Port-Type=="Virtual") -> TRUE
++- entering if (NAS-Port-Type=="Virtual") {...}
[script-bad] expand: %{User-Name} -> test
[sctipt-bad] expand: %{User-Password} -> test
Exec-Program output: CVPN3000-IPSec-Banner2 = 'sorry',
Exec-Program-Wait: value-pairs: CVPN3000-IPSec-Banner2 = 'sorry',
Exec-Program: returned: 0
+++[script-bad] returns ok
++- if (NAS-Port-Type=="Virtual") returns ok
Delaying reject of request 7 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 7
Sending Access-Reject of id 79 to 192.168.1.1 port 1147
Waking up in 4.9 seconds.
Cleaning up request 7 ID 79 with timestamp +388
Ready to process requests.
what is wrong?
what is the solution?
thank you!
br
Gabor
More information about the Freeradius-Users
mailing list