Capturing Access-Reject data in the radpostauth table
Alan DeKok
aland at deployingradius.com
Thu Apr 29 08:02:56 CEST 2010
Aaron Paetznick wrote:
> I'm sorry, your explanation wasn't clear to me. How can I expose
> Module-Failure-Message to or reference Module-Failure-Message within
> rlm_sql?
>
> This, also, didn't work for me:
>
> post-auth {
> ...
> Post-Auth-Type REJECT {
> update reply {
> Reply-Message += "You got:
> %{Module-Failure-Message}"
> }
OK... if the Module-Failure-Message doesn't exist, it won't work.
But the log message *uses* it:
Login incorrect (rlm_pap: CLEAR TEXT password check failed) ..
The text between the () *is* the Module-Failure-Message attribute.
See src/main/auth.c.
So we know it exists, the previous log message you posted shows it.
And the server core doesn't delete it, so it *should* always exist after
the PAP module creates it.
Alan DeKok.
More information about the Freeradius-Users
mailing list