returning error code of script to module
Chitrang Srivastava
chitrang.srivastava at gmail.com
Tue Feb 26 11:18:15 CET 2013
Thanks this may solve the issue but one doubt ,
> if (Module-Failure-Message =~ /.*logon fail.*/i) {
How is Module-failure-Message is handled , I guess its a string ?
What kind of comparision are you doing ?
On Tue, Feb 26, 2013 at 2:48 PM, Phil Mayers <p.mayers at imperial.ac.uk>wrote:
> On 02/26/2013 08:54 AM, Chitrang Srivastava wrote:
>
>> Hi,
>>
>> Is their a way to return status code of an external script to the module.
>>
>> Let me explain the problem:
>> PEAP-MSCHAPv2 with ldap and fallback is also there i.e. if ldap server
>> is not reachable do local auth.
>> Now mschapv2 authentication with ldap is to be done using ntlm_auth ,
>> So basically I want to know what ntlm_auth has returned ?
>> it actually returns "*Reading winbind reply failed! (0xc0000001) *" when
>>
>> ldap is not reachable (net join has failed winbindd hasn't started)
>> ldap is reachable but userid/password incorrect *Logon failure
>> (0xc000006d) *
>> *
>> *
>>
>> For both cases Exec is return reject=1 as module return code, radius
>> should only do local authentication ldap is not-reachable and not when
>> ldap reject , but because exec output is always reject I cant
>> distinguish the real cause of failure.
>>
>
> That's not actually the "exec" module; that's the mschap module generating
> the return code.
>
> Only way I can know what actually *ntlm_auth returns* ? if I know that I
>>
>> can take decision in radiusd.conf.
>>
>
> You can't get the return code from an ntlm_auth exec, but you can get the
> output - like this:
>
> mschap
> if (ok) {
> ...
> }
> else {
> if (Module-Failure-Message =~ /.*logon fail.*/i) {
> reject
> }
> else {
> something_else
> }
> }
>
>
>>
>>
>>
>> -
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/**
>> list/users.html <http://www.freeradius.org/list/users.html>
>>
>>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/**
> list/users.html <http://www.freeradius.org/list/users.html>
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20130226/7ad1c3fa/attachment.html>
More information about the Freeradius-Users
mailing list