Question about configurable module fail-over
Ana Gallardo
ana.gallardo.77 at gmail.com
Thu Jun 10 09:39:29 CEST 2010
Hello,
I have Freeradius 2.1.8.
I want to return an error code if my FreeRADIUS can't contact the
backend.
Here is my authorize section:
authorize {
    . . .
    switch "%{Realm}" {
        case 'temp.unex.es' {
            sql {
                fail = 1
            }
            if (!fail && ("%D" < "%{control:Expiration-Init}")) {
                update reply {
                    Codigo-Reject := Cuenta-Inactiva
                }
                reject
            }
        }
        case 'unex.es' {
            ldap {
                fail = 1
            }
        }
        case {
            update reply {
                Codigo-Reject := Error-Dominio
            }
            reject
        }
    }
    if (fail) {
        update reply {
            Codigo-Reject := Imposible-Contactar-Backend
        }
        reject
    }
    expiration {
        userlock = 1
    }
    if (userlock) {
        update reply {
            Codigo-Reject := Cuenta-Expirada
        }
    }
    pap
}
My problem is when Freeradius can't contact ldap. Here is my debug info:
rad_recv: Access-Request packet from host X.X.X.X port 48454, id=116, length=56
User-Name = "usuario at unex.es"
User-Password = "1631"
server rinuex {
. . .
++- entering switch %{Realm} {...}
+++- entering case unex.es {...}
[ldap] performing user authorization for usuario
[ldap] expand: %{Stripped-User-Name} -> usuario
[ldap] expand: (cn=%{%{Stripped-User-Name}:-%{User-Name}}) -> (cn=usuario)
[ldap] expand: ou=saser,dc=unex,dc=es -> ou=saser,dc=unex,dc=es
[ldap] ldap_get_conn: Checking Id: 0
[ldap] ldap_get_conn: Got Id: 0
[ldap] attempting LDAP reconnection
[ldap] (re)connect to X.X.X.X, authentication 0
[ldap] bind as cn=...
[ldap] waiting for bind result ...
[ldap] LDAP login failed: check identity, password settings in ldap section of radiusd.conf
[ldap] (re)connection attempt failed
[ldap] search failed
[ldap] ldap_release_conn: Release Id: 0
++++[ldap] returns fail
+++- case unex.es returns fail
++- switch %{Realm} returns fail
} # server rinuex
Using Post-Auth-Type Reject
+- entering group REJECT {...}
++[reply] returns noop
++? if ("%{reply:Codigo-Reject}")
expand: %{reply:Codigo-Reject} -> Credenciales-Erroneas
? Evaluating ("%{reply:Codigo-Reject}") -> TRUE
++? if ("%{reply:Codigo-Reject}") -> TRUE
++- entering if ("%{reply:Codigo-Reject}") {...}
+++- if ("%{reply:Codigo-Reject}") returns noop
++- group REJECT returns noop
[sql] expand: %{Stripped-User-Name} -> usuario
[sql] expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} -> usuario
[sql] sql_set_user escaped user --> 'usuario'
[sql] expand: INSERT INTO radpostauth
    (username, mac, client, reply, authdate,codreject)
    VALUES ( '%{User-Name}', LOWER('%{Calling-Station-Id}'),
    '%C', '%{reply:Packet-Type}', NOW(), '%{reply:Codigo-Reject}')
  -> INSERT INTO radpostauth
    (username, mac, client, reply, authdate,codreject)
    VALUES ( 'usuario at unex.es', LOWER(''),
    'CAU2', 'Access-Reject', NOW(), 'Credenciales-Erroneas')
rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth
    (username, mac, client, reply, authdate,codreject)
    VALUES ( 'usuario@unex.es', LOWER(''),
    'CAU2', 'Access-Reject', NOW(), 'Credenciales-Erroneas')
rlm_sql (sql): Reserving sql socket id: 2
rlm_sql (sql): Released sql socket id: 2
++[sql] returns ok
[attr_filter.access_reject] expand: %{User-Name} -> usuario at unex.es
attr_filter: Matched entry DEFAULT at line 11
++[attr_filter.access_reject] returns updated
Delaying reject of request 0 for 1 seconds
Going to the next request
Waking up in 0.9 seconds.
Sending delayed reject for request 0
Sending Access-Reject of id 116 to X.X.X.X port 48454
Codigo-Reject = Credenciales-Erroneas
I need help. Thank you and sorry for my English.
--
____________________
Ana Gallardo Gómez
____________________
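
The debug output in the message above can be checked mechanically for which return code ended the authorize section and whether the `if (fail)` test was ever evaluated. The following is an added example, not part of the original post or of FreeRADIUS; the function names are hypothetical, and it assumes the run of `+` characters in each debug line is the unlang nesting depth.

```python
import re

# Excerpt of the debug lines quoted in the post above.
SAMPLE = """\
++- entering switch %{Realm} {...}
+++- entering case unex.es {...}
++++[ldap] returns fail
+++- case unex.es returns fail
++- switch %{Realm} returns fail
} # server rinuex
Using Post-Auth-Type Reject
++? if ("%{reply:Codigo-Reject}")
"""

# Assumption: the number of leading '+' characters is the nesting depth.
RETURNS = re.compile(
    r'^(\++)(?:\[(?P<mod>[^\]]+)\]|- (?P<blk>.+?)) returns (?P<rc>\w+)$')
COND = re.compile(r'^\++\? if (.+?)(?: -> (?:TRUE|FALSE))?$')

def parse(log):
    """Collect return codes and evaluated conditions up to the end of the
    virtual server block, i.e. before Post-Auth-Type processing starts."""
    returns, conds = [], []
    for line in log.splitlines():
        line = line.strip()
        if line.startswith("} # server"):
            break
        m = RETURNS.match(line)
        if m:
            name = m.group("mod") or m.group("blk")
            returns.append((len(m.group(1)), name, m.group("rc")))
            continue
        m = COND.match(line)
        if m:
            conds.append(m.group(1))
    return returns, conds

def propagation(log, rcode="fail"):
    """Return (depth, name) for every module or block that returned rcode."""
    return [(d, n) for d, n, rc in parse(log)[0] if rc == rcode]

def was_evaluated(log, condition):
    """True if the condition was evaluated before the server block ended."""
    return condition in parse(log)[1]

if __name__ == "__main__":
    for depth, name in propagation(SAMPLE):
        print(f"depth {depth}: {name} returned fail")
    print("if (fail) evaluated:", was_evaluated(SAMPLE, "(fail)"))
```

On the excerpt, the `fail` code is reported at depths 4, 3 and 2 (ldap, the case, the switch), and no `if (fail)` evaluation appears before the server block closes.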