Capturing Access-Reject data in the radpostauth table
Aaron Paetznick
aaronp at critd.com
Thu Apr 29 20:08:20 CEST 2010
Huh. Then it should be working but it isn't.
radiusd -X says:
...
++[pap] returns noop
No authenticate method (Auth-Type) configuration found for the request:
Rejecting the user
Failed to authenticate the user.
Login incorrect: [username/badpass] (from client somenas port 0 cli somecallinginfo)
Using Post-Auth-Type Reject
...
Sending Access-Reject of id 135 to 75.102.161.225 port 1645
Reply-Message = "You got: "
...
--Aaron
On 4/29/2010 1:02 AM, Alan DeKok wrote:
> Aaron Paetznick wrote:
>> I'm sorry, your explanation wasn't clear to me. How can I expose
>> Module-Failure-Message to or reference Module-Failure-Message within
>> rlm_sql?
>>
>> This, also, didn't work for me:
>>
>> post-auth {
>>     ...
>>     Post-Auth-Type REJECT {
>>         update reply {
>>             Reply-Message += "You got: %{Module-Failure-Message}"
>>         }
>
> OK... if the Module-Failure-Message doesn't exist, it won't work.
>
> But the log message *uses* it:
>
> Login incorrect (rlm_pap: CLEAR TEXT password check failed) ..
>
> The text between the () *is* the Module-Failure-Message attribute.
> See src/main/auth.c.
>
> So we know it exists, the previous log message you posted shows it.
> And the server core doesn't delete it, so it *should* always exist after
> the PAP module creates it.
>
> Alan DeKok.
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
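Added example, not part of either message above and not FreeRADIUS code: a small parser for the "Login incorrect" log line that pulls out the parenthesised Module-Failure-Message when present and shows what the thread's Reply-Message template would expand to. The function names are hypothetical, the line layout is assumed from the two lines quoted in the thread, and the second sample line is constructed by combining the prefix Alan quotes with the tail of Aaron's line.

```python
import re

# Assumed layout, taken from the lines quoted in the thread:
#   Login incorrect[ (<Module-Failure-Message>)]: [<user>[/<password>]]
#       (from client <nas> port <n>[ cli <calling-id>])
LOGIN_INCORRECT = re.compile(
    r"^Login incorrect(?: \((?P<mfm>.*?)\))?: "
    r"\[(?P<user>[^/\]]*)(?:/(?P<password>.*?))?\] "
    r"\(from client (?P<client>\S+) port (?P<port>\d+)(?: cli (?P<cli>.*))?\)$"
)

# Aaron's line from the debug output, with the e-mail line wrap rejoined.
WITHOUT_MFM = ("Login incorrect: [username/badpass] "
               "(from client somenas port 0 cli somecallinginfo)")
# Constructed sample: the same line with the message Alan quotes in parentheses.
WITH_MFM = ("Login incorrect (rlm_pap: CLEAR TEXT password check failed): "
            "[username/badpass] (from client somenas port 0 cli somecallinginfo)")


def parse_reject(line):
    """Return the fields of a 'Login incorrect' line, or None for other lines."""
    m = LOGIN_INCORRECT.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    # The failed password is logged in clear text; do not pass it downstream.
    if rec["password"] is not None:
        rec["password"] = "<redacted>"
    return rec


def expand_reply(line, template="You got: %{Module-Failure-Message}"):
    """Mimic the thread's Reply-Message: a missing attribute expands to ''."""
    rec = parse_reject(line)
    if rec is None:
        return None
    return template.replace("%{Module-Failure-Message}", rec["mfm"] or "")


if __name__ == "__main__":
    for sample in (WITHOUT_MFM, WITH_MFM):
        rec = parse_reject(sample)
        print(rec["user"], "| Module-Failure-Message:", rec["mfm"],
              "| reply:", repr(expand_reply(sample)))
```

Run on Aaron's line it finds no Module-Failure-Message and yields the same empty "You got: " that his Access-Reject carried.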