returning error code of script to module
Phil Mayers
p.mayers at imperial.ac.uk
Tue Feb 26 10:18:35 CET 2013
On 02/26/2013 08:54 AM, Chitrang Srivastava wrote:
> Hi,
>
> Is there a way to return the status code of an external script to the module?
>
> Let me explain the problem:
> PEAP-MSCHAPv2 with ldap, and fallback is also there, i.e. if the ldap
> server is not reachable, do local auth.
> Now mschapv2 authentication with ldap is to be done using ntlm_auth,
> so basically I want to know what ntlm_auth has returned.
> It actually returns "Reading winbind reply failed! (0xc0000001)" when
> ldap is not reachable (net join has failed, winbindd hasn't started);
> when ldap is reachable but userid/password is incorrect, it returns
> "Logon failure (0xc000006d)".
>
> For both cases Exec returns reject=1 as the module return code. Radius
> should only do local authentication when ldap is not reachable and not
> when ldap rejects, but because the exec output is always reject I can't
> distinguish the real cause of failure.
That's not actually the "exec" module; that's the mschap module
generating the return code.
> Is there any way I can know what ntlm_auth actually returns? If I know
> that, I can take a decision in radiusd.conf.
You can't get the return code from an ntlm_auth exec, but you can get
the output - like this:
    mschap
    if (ok) {
        ...
    }
    else {
        if (Module-Failure-Message =~ /.*logon fail.*/i) {
            reject
        }
        else {
            something_else
        }
    }
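An added example, not part of the original message and not FreeRADIUS code: the decision discussed above, modelled in Python. It compares the regex branching from the reply with an allowlist on the NTSTATUS code, which falls back to local authentication only when the message shows the backend was unreachable. The function names, the 0xc000005e entry and the last two sample messages are assumptions constructed for illustration.

```python
import re

# NTSTATUS codes meaning "the directory could not be asked at all".
# 0xc0000001 is the winbind failure quoted in the thread; 0xc000005e
# (NT_STATUS_NO_LOGON_SERVERS) is an assumption added for this example.
BACKEND_DOWN = {0xC0000001, 0xC000005E}
NTSTATUS_RE = re.compile(r"\(0x([0-9a-f]{8})\)", re.IGNORECASE)


def regex_decision(msg):
    """The branch structure from the reply: 'logon fail' rejects,
    every other failure takes the else branch."""
    return "reject" if re.search(r"logon fail", msg, re.I) else "something_else"


def allowlist_decision(msg):
    """Fall back only when every NTSTATUS code in the message says the
    backend was unreachable; anything else, or no code, is a reject."""
    codes = {int(c, 16) for c in NTSTATUS_RE.findall(msg or "")}
    if codes and codes <= BACKEND_DOWN:
        return "fallback"
    return "reject"  # fail closed: lockouts, timeouts, unknown text


# Constructed sample Module-Failure-Message values. The first two carry the
# ntlm_auth output quoted in the thread; the wording of the others is made up.
SAMPLES = [
    "Reading winbind reply failed! (0xc0000001)",
    "Logon failure (0xc000006d)",
    "Account locked out (0xc0000234)",
    "ntlm_auth timed out",
]


def compare(samples=SAMPLES):
    """Return (message, regex_decision, allowlist_decision) per sample."""
    return [(m, regex_decision(m), allowlist_decision(m)) for m in samples]


if __name__ == "__main__":
    for msg, by_regex, by_code in compare():
        print(f"{msg!r:48} regex={by_regex:15} allowlist={by_code}")
```

The two approaches agree on the two messages quoted in the thread and differ on the constructed lockout and timeout messages, which the regex version sends to the else branch.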