linelog module soft failure

Arnaud LAURIOU arnaud.lauriou at renater.fr
Fri Sep 10 15:17:17 CEST 2021 


On 9/10/21 2:10 PM, Alan DeKok wrote:
> On Sep 10, 2021, at 6:13 AM, Arnaud LAURIOU <arnaud.lauriou at renater.fr> wrote:
>> On our eduroam proxy we use linelog modules in the post-auth section.
>> Recently, one of these linelog module failed and its 'fail' return code was
>> applied to requests in the post-auth section : Auth: (34463328) Rejected
>> in post-auth.
>>
>> Is there a way to have a 'soft failure' when the return code from linelog is 'fail' ?
>    See doc/configuration/configurable_failover.rst
>
> 	linelog {
> 		fail = 1
> 	}
> 	ok

Not working for me, return status by f_ticks (linelog module) is still 
'fail' :

(6117) Fri Sep 10 14:26:47 2021: Debug:     if ("%{client:group}" == 
"eduroam_fr_sp") {
(6117) Fri Sep 10 14:26:47 2021: Debug:     EXPAND %{client:group}
(6117) Fri Sep 10 14:26:47 2021: Debug:        --> eduroam_fr_sp
(6117) Fri Sep 10 14:26:47 2021: Debug:     if ("%{client:group}" == 
"eduroam_fr_sp")  -> TRUE
(6117) Fri Sep 10 14:26:47 2021: Debug:     if ("%{client:group}" == 
"eduroam_fr_sp")  {
(6117) Fri Sep 10 14:26:47 2021: Debug: f_ticks: EXPAND 
f_ticks.%{%{reply:Packet-Type}:-format}
(6117) Fri Sep 10 14:26:47 2021: Debug: f_ticks:    --> 
f_ticks.Access-Accept
(6117) Fri Sep 10 14:26:47 2021: Debug: f_ticks: EXPAND 
F-TICKS/eduroam/1.0#REALM=%{Realm}#VISCOUNTRY=FR#VISINST=%{Operator-Name}#CSI=%{Calling-Station-Id}#RESULT=OK#
(6117) Fri Sep 10 14:26:47 2021: Debug: f_ticks:    --> 
F-TICKS/eduroam/1.0#REALM=etu.univ-amu.fr#VISCOUNTRY=FR#VISINST=#CSI=56-CA-25-B1-00-5B#RESULT=OK#
(6117) Fri Sep 10 14:26:47 2021: Debug: f_ticks: EXPAND 
/var/log/radius/f_ticks
(6117) Fri Sep 10 14:26:47 2021: Debug: f_ticks:    --> 
/var/log/radius/f_ticks
(6117) Fri Sep 10 14:26:47 2021: Debug:       [f_ticks] = fail
(6117) Fri Sep 10 14:26:47 2021: Debug:     } # if ("%{client:group}" == 
"eduroam_fr_sp")  = fail
(6117) Fri Sep 10 14:26:47 2021: Debug:   } # post-auth = fail

The line 'fail = 1' is not displayed in debug mode:
   # Loading module "f_ticks" from file /etc/freeradius/mods-enabled/f-ticks
   linelog f_ticks {
         filename = "/var/log/radius/f_ticks"
         escape_filenames = no
         syslog_severity = "info"
         permissions = 416
         format = ""
         reference = "f_ticks.%{%{reply:Packet-Type}:-format}"
   }

Arnaud

More information about the Freeradius-Users mailing list