update reply problem
Ana Gallardo Gómez
anaougu at gmail.com
Tue Mar 27 10:00:36 CEST 2012
Hello and thank you for your response.
Is this only in Post-Auth-Type Reject?
>
Yes because if I add this in authorize to test:
ldap
perl
update reply {
Codigo-Reject = Error-Dominio
}
> What does "radiusd -Xxx" say ?
>
the debug info with -Xxx is:
Tue Mar 27 09:36:22 2012 : Info: # Executing section post-auth from file
/etc/freeradius/sites-enabled/eduroam-inner-tunnel
Tue Mar 27 09:36:22 2012 : Info: +- entering group post-auth {...}
Tue Mar 27 09:36:22 2012 : Info: [sql] expand: %{Stripped-User-Name} ->
02747632
Tue Mar 27 09:36:22 2012 : Info: [sql] expand:
%{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} -> 02747632
Tue Mar 27 09:36:22 2012 : Info: [sql] sql_set_user escaped user -->
'02747632'
Tue Mar 27 09:36:22 2012 : Info: [sql] expand: INSERT INTO
radpostauth (username, mac, client, reply,
authdate,codreject,radauth) VALUES
( LOWER('%{User-Name}'),
LOWER('%i'), '%C',
'%{reply:Packet-Type}', NOW(),
'%{reply:Codigo-Reject}','radius') -> INSERT INTO
radpostauth (username, mac, client, reply,
authdate,codreject,radauth) VALUES
( LOWER('02747632'),
LOWER('66:77:99:B1:A0:2F'), 'PA',
'Access-Accept', NOW(), 'Error-Dominio','radius')
Tue Mar 27 09:36:22 2012 : Debug: rlm_sql (sql) in sql_postauth: query is
INSERT INTO radpostauth (username, mac, client,
reply, authdate,codreject,radauth) VALUES
( LOWER('02747632'),
LOWER('66:77:99:B1:A0:2F'), 'PA',
'Access-Accept', NOW(), 'Error-Dominio','radius')
Tue Mar 27 09:36:22 2012 : Debug: rlm_sql (sql): Ignoring unconnected
handle 1..
Tue Mar 27 09:36:22 2012 : Debug: rlm_sql (sql): Ignoring unconnected
handle 0..
Tue Mar 27 09:36:22 2012 : Debug: rlm_sql (sql): Ignoring unconnected
handle 4..
Tue Mar 27 09:36:22 2012 : Debug: rlm_sql (sql): Ignoring unconnected
handle 3..
Tue Mar 27 09:36:22 2012 : Debug: rlm_sql (sql): Ignoring unconnected
handle 2..
Tue Mar 27 09:36:22 2012 : Info: ++[sql] returns fail
Tue Mar 27 09:36:22 2012 : Info: ++? if (fail)
Tue Mar 27 09:36:22 2012 : Info: ? Evaluating (fail) -> TRUE
Tue Mar 27 09:36:22 2012 : Info: ++? if (fail) -> TRUE
Tue Mar 27 09:36:22 2012 : Info: ++- entering if (fail) {...}
Tue Mar 27 09:36:22 2012 : Info: +++[reply] returns fail
Tue Mar 27 09:36:22 2012 : Info: [reply_log] expand:
/var/log/freeradius/radacct/%Y/%m/%d/%{Client-IP-Address}-reply-detail-%Y%m%d
-> /var/log/freeradius/radacct/2012/03/27/10.253.40.43-reply-detail-20120327
Tue Mar 27 09:36:22 2012 : Info: [reply_log]
/var/log/freeradius/radacct/%Y/%m/%d/%{Client-IP-Address}-reply-detail-%Y%m%d
expands to
/var/log/freeradius/radacct/2012/03/27/10.253.40.43-reply-detail-20120327
Tue Mar 27 09:36:22 2012 : Info: [reply_log] expand: %t -> Tue Mar 27
09:36:22 2012
Tue Mar 27 09:36:22 2012 : Info: +++[reply_log] returns ok
Tue Mar 27 09:36:22 2012 : Info: +++[reject] returns reject
Tue Mar 27 09:36:22 2012 : Info: ++- if (fail) returns reject
} # server eduroam-inner-tunnel
Tue Mar 27 09:36:22 2012 : Info: [ttls] Got tunneled reply code 3
Relaciones = "03"
Nombre-Completo = "MARCOS"
* Codigo-Reject = Error-Dominio*
Tue Mar 27 09:36:22 2012 : Info: [ttls] Got tunneled Access-Reject
Tue Mar 27 09:36:22 2012 : Info: [eapeduroam] Handler failed in EAP/ttls
Tue Mar 27 09:36:22 2012 : Info: [eapeduroam] Failed in EAP select
Tue Mar 27 09:36:22 2012 : Info: ++[eapeduroam] returns invalid
Tue Mar 27 09:36:22 2012 : Info: Failed to authenticate the user.
Tue Mar 27 09:36:22 2012 : Info: } # server eduroam
Tue Mar 27 09:36:22 2012 : Info: Using Post-Auth-Type Reject
Tue Mar 27 09:36:22 2012 : Info: # Executing group from file
/etc/freeradius/sites-enabled/eduroam
Tue Mar 27 09:36:22 2012 : Info: +- entering group REJECT {...}
Tue Mar 27 09:36:22 2012 : Info: ++[reply] returns noop
Tue Mar 27 09:36:22 2012 : Info: [sql] expand: %{Stripped-User-Name} ->
02747632
Tue Mar 27 09:36:22 2012 : Info: [sql] expand:
%{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} -> 02747632
Tue Mar 27 09:36:22 2012 : Info: [sql] sql_set_user escaped user -->
'02747632'
Tue Mar 27 09:36:22 2012 : Info: [sql] expand: INSERT INTO
radpostauth (username, mac, client, reply,
authdate,codreject,radauth) VALUES
( LOWER('%{User-Name}'),
LOWER('%i'), '%C',
'%{reply:Packet-Type}', NOW(),
'%{reply:Codigo-Reject}','radius') -> INSERT INTO
radpostauth (username, mac, client, reply,
authdate,codreject,radauth) VALUES
( LOWER('02747632'),
LOWER('66:77:99:B1:A0:2F'), 'PA',
'Access-Reject', NOW(), 'Credenciales-Erroneas','radius')
Tue Mar 27 09:36:22 2012 : Debug: rlm_sql (sql) in sql_postauth: query is
INSERT INTO radpostauth (username, mac, client,
reply, authdate,codreject,radauth) VALUES
( LOWER('02747632'),
LOWER('66:77:99:B1:A0:2F'), 'PA',
'Access-Reject', NOW(), 'Credenciales-Erroneas','radius')
Tue Mar 27 09:36:22 2012 : Debug: rlm_sql (sql): Ignoring unconnected
handle 1..
Tue Mar 27 09:36:22 2012 : Debug: rlm_sql (sql): Ignoring unconnected
handle 0..
Tue Mar 27 09:36:22 2012 : Debug: rlm_sql (sql): Ignoring unconnected
handle 4..
Tue Mar 27 09:36:22 2012 : Debug: rlm_sql (sql): Ignoring unconnected
handle 3..
Tue Mar 27 09:36:22 2012 : Debug: rlm_sql (sql): Ignoring unconnected
handle 2..
Tue Mar 27 09:36:22 2012 : Info: ++[sql] returns fail
Tue Mar 27 09:36:22 2012 : Info: ++? if (fail)
Tue Mar 27 09:36:22 2012 : Info: ? Evaluating (fail) -> TRUE
Tue Mar 27 09:36:22 2012 : Info: ++? if (fail) -> TRUE
Tue Mar 27 09:36:22 2012 : Info: ++- entering if (fail) {...}
Tue Mar 27 09:36:22 2012 : Info: +++[reply] returns fail
Tue Mar 27 09:36:22 2012 : Info: ++- if (fail) returns fail
Tue Mar 27 09:36:22 2012 : Info: Delaying reject of request 42 for 1 seconds
Tue Mar 27 09:36:22 2012 : Debug: Going to the next request
Tue Mar 27 09:36:22 2012 : Debug: Waking up in 0.9 seconds.
Tue Mar 27 09:36:23 2012 : Info: Sending delayed reject for request 42
Sending Access-Reject of id 163 to 10.253.40.43 port 1314
EAP-Message = 0x04090004
Message-Authenticator = 0x00000000000000000000000000000000
* Codigo-Reject = Credenciales-Erroneas*
I don't know what is the mening of the messages:
Tue Mar 27 09:36:22 2012 : Info: [eapeduroam] Handler failed in EAP/ttls
Tue Mar 27 09:36:22 2012 : Info: [eapeduroam] Failed in EAP select
Tue Mar 27 09:36:22 2012 : Info: ++[eapeduroam] returns invalid
And, Can I do?
# inner-tunnel
post-auth {
sql{
fail=1
}
if (fail) {
update reply {
Codigo-Reject = Imposible-Contactar-Backend
* Packet-Type := Access-Reject*
}
reply_log
reject
}
Thank you for your time and sorry for my english
::::::::::::::::::::::::::::::::::::
:: Ana Gallardo Gómez ::
::::::::::::::::::::::::::::::::::::
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20120327/ac1888a6/attachment.html>
More information about the Freeradius-Users
mailing list