Post Auth Reject not working after reject using exec Module
Muhammed Buvaydani
muhammed.buvaydani at netcom.com.tr
Sat Oct 31 13:25:23 CET 2020
I have FreeRADIUS Version 3.0.21 and I am trying to authenticate users using External Php script , the script is working fine , my problem it is not insert in radpostauth table after getting reject from the script , this is the debug mode when I get reject user
0) Received Access-Request Id 71 from 127.0.0.1:47913 to 127.0.0.1:1812 length 100
(0) User-Name = "Aboserifaban"
(0) User-Password = "123456"
(0) Calling-Station-Id = "4e:f9:5e:77:0c:9a"
(0) NAS-Port = 102
(0) NAS-IP-Address = 103.200.57.138
(0) Framed-Protocol = PPP
(0) Framed-IP-Address = 192.168.0.1
(0) NAS-Identifier = "nas"
(0) # Executing section authorize from file /usr/local/etc/raddb/sites-enabled/default
(0) authorize {
(0) [preprocess] = ok
(0) [chap] = noop
(0) [mschap] = noop
(0) [digest] = noop
(0) suffix: Checking for suffix after "@"
(0) suffix: No '@' in User-Name = "Aboserifaban", looking up realm NULL
(0) suffix: No such realm "NULL"
(0) [suffix] = noop
(0) eap: No EAP-Message, not doing EAP
(0) [eap] = noop
(0) files: users: Matched entry DEFAULT at line 48
(0) files: EXPAND /usr/bin/php /var/www/html/cloudradius/captiveportal/auth_new.php "%{User-Name}" "%{User-Password}" "%{Calling-Station-Id}" "%{NAS-Port-Id}" "%{NAS-IP-Address}" "%{Framed-Protocol}" "%{Framed-IP-Address}"
(0) files: --> /usr/bin/php /var/www/html/cloudradius/captiveportal/auth_new.php "Aboserifaban" "123456" "4e:f9:5e:77:0c:9a" "" "103.200.57.138" "PPP" "192.168.0.1"
(0) [files] = ok
(0) sql: EXPAND %{User-Name}
(0) sql: --> Aboserifaban
(0) sql: SQL-User-Name set to 'Aboserifaban'
rlm_sql (sql): Reserved connection (0)
(0) sql: EXPAND SELECT id, username, attribute, value, op FROM radcheck WHERE username = '%{SQL-User-Name}' ORDER BY id
(0) sql: --> SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'Aboserifaban' ORDER BY id
(0) sql: Executing select query: SELECT id, username, attribute, value, op FROM radcheck WHERE username = 'Aboserifaban' ORDER BY id
(0) sql: User found in radcheck table
(0) sql: Conditional check items matched, merging assignment check items
(0) sql: Cleartext-Password := "123456"
(0) sql: Simultaneous-Use := 1
(0) sql: EXPAND SELECT id, username, attribute, value, op FROM radreply WHERE username = '%{SQL-User-Name}' ORDER BY id
(0) sql: --> SELECT id, username, attribute, value, op FROM radreply WHERE username = 'Aboserifaban' ORDER BY id
(0) sql: Executing select query: SELECT id, username, attribute, value, op FROM radreply WHERE username = 'Aboserifaban' ORDER BY id
rlm_sql (sql): Reserved connection (1)
rlm_sql (sql): Released connection (1)
Need 6 more connections to reach 10 spares
rlm_sql (sql): Opening additional connection (5), 1 of 27 pending slots used
rlm_sql_mysql: Starting connect to MySQL server
rlm_sql_mysql: Connected to database 'cloudradius' on Localhost via UNIX socket, server version 5.5.65-MariaDB, protocol version 10
(0) sql: EXPAND SELECT groupname FROM radusergroup WHERE username = '%{SQL-User-Name}' ORDER BY priority
(0) sql: --> SELECT groupname FROM radusergroup WHERE username = 'Aboserifaban' ORDER BY priority
(0) sql: Executing select query: SELECT groupname FROM radusergroup WHERE username = 'Aboserifaban' ORDER BY priority
(0) sql: User not found in any groups
rlm_sql (sql): Released connection (0)
(0) [sql] = ok
(0) if (User-Name =~ /([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i) {
(0) if (User-Name =~ /([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:.]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i) -> FALSE
(0) [pap] = updated
(0) } # authorize = updated
(0) Found Auth-Type = PAP
(0) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(0) Auth-Type PAP {
(0) pap: Login attempt with password
(0) pap: Comparing with "known good" Cleartext-Password
(0) pap: User authenticated successfully
(0) [pap] = ok
(0) } # Auth-Type PAP = ok
(0) # Executing section session from file /usr/local/etc/raddb/sites-enabled/default
(0) session {
(0) sql: EXPAND %{User-Name}
(0) sql: --> Aboserifaban
(0) sql: SQL-User-Name set to 'Aboserifaban'
rlm_sql (sql): Reserved connection (2)
(0) sql: EXPAND SELECT COUNT(*) FROM radacct WHERE username = '%{SQL-User-Name}' AND acctstoptime IS NULL
(0) sql: --> SELECT COUNT(*) FROM radacct WHERE username = 'Aboserifaban' AND acctstoptime IS NULL
(0) sql: Executing select query: SELECT COUNT(*) FROM radacct WHERE username = 'Aboserifaban' AND acctstoptime IS NULL
rlm_sql (sql): Released connection (2)
(0) [sql] = ok
(0) } # session = ok
(0) # Executing section post-auth from file /usr/local/etc/raddb/sites-enabled/default
(0) post-auth {
(0) exec: Executing: /usr/bin/php /var/www/html/cloudradius/captiveportal/auth_new.php "Aboserifaban" "123456" "4e:f9:5e:77:0c:9a" "" "103.200.57.138" "PPP" "192.168.0.1":
(0) exec: ERROR: Program returned code (1) and output 'Reply-Message := "Your Account has been expired."'
(0) [exec] = reject
(0) } # post-auth = reject
(0) Delaying response for 1.000000 seconds
Waking up in 0.1 seconds.
Waking up in 0.7 seconds.
(0) Sending delayed response
(0) Sent Access-Reject Id 71 from 127.0.0.1:1812 to 127.0.0.1:47913 length 52
(0) Reply-Message := "Your Account has been expired."
Waking up in 3.9 seconds.
(0) Cleaning up request packet ID 71 with timestamp +3
Ready to process requests
as you see above it rejected the user but it seems the SQL module not running ,
this is my configuration in POST-Auth section in default file
post-auth {
exec
sql
Post-Auth-Type REJECT {
update reply {
Reply-Message = "Rejected: invalid username or password..!"
}
# log failed authentications in SQL, too.
exec
sql
}
}
when I stop exec in Post-auth section and it is working fine and it insert the result in radpostauth table Please help me to fix this issue Thanks in Advance Best Regards
More information about the Freeradius-Users
mailing list