eap module returning 'updated' rather than 'ok'

Brian Candler b.candler at pobox.com
Fri Oct 21 14:12:22 CEST 2016

On 20/10/2016 20:01, Alan DeKok wrote:
>> I couldn't find any reference to return codes, or "ok" or "updated", in either of these.
>    As always, patches are welcome.
Would this be an acceptable?

diff --git a/raddb/sites-available/default b/raddb/sites-available/default
index 0834075..f047979 100644
--- a/raddb/sites-available/default
+++ b/raddb/sites-available/default
@@ -347,9 +347,9 @@ authorize {
         #  It also sets the EAP-Type attribute in the request
         #  attribute list to the EAP type from the packet.
-       #  The EAP module returns "ok" if it is not yet ready to
+       #  The EAP module returns "ok" or "updated" if it is not yet 
ready to
         #  authenticate the user.  The configuration below checks for
-       #  that code, and stops processing the "authorize" section if
+       #  those codes, and stops processing the "authorize" section if
         #  so.
         #  Any LDAP and/or SQL servers will not be queried for the
@@ -358,6 +358,7 @@ authorize {
         eap {
                 ok = return
+               updated = return


If yes, I'll reformat as a pull request.

I believe that is accurate. Looking at rlm_eap.c, the EAP responses are 
mapped to the following return values in the authorize handler:




(if it gets this far, control:Auth-Type := eap is set)


anything else* -> RLM_MODULE_UPDATED

*the remaining enum values are EAP_NOTFOUND, EAP_INVALID or EAP_VALID.



More information about the Freeradius-Users mailing list