Output of exec module
Dom Latter
freeradius-users at latter.org
Thu Apr 25 16:16:47 CEST 2019
On 23/04/2019 13:45, Alan DeKok wrote:
> On Apr 23, 2019, at 8:20 AM, Dom Latter <freeradius-users at latter.org> wrote:
>>
>> We are using the exec module [1]:
>> https://networkradius.com/doc/3.0.10/raddb/mods-available/exec.html
>>
>> In some circumstances we will reject a user even though they have
>> authenticated. So we send a return code of 1.
>>
>> But this appears in radius./log as an error. Looking at src/main/exec.c
>> I find these lines:
>>
>> if ((status != 0) || (ret < 0)) {
>> RERROR("Program returned code (%d) and output '%s'", status, answer);
>>
>> so I am guessing this is essentially as designed. Is that right?
>
> Yes.
>
Unfortunately this *seems* to prevent the linelog from working. Pretty
sure it used not to behave like this - originally *all* of our
authentication went via the external script and we've always relied on
the line log to provide diagnostic info to the tech support people.
More information about the Freeradius-Users
mailing list