linelog module soft failure
Arnaud LAURIOU
arnaud.lauriou at renater.fr
Fri Sep 10 15:17:17 CEST 2021
On 9/10/21 2:10 PM, Alan DeKok wrote:
> On Sep 10, 2021, at 6:13 AM, Arnaud LAURIOU <arnaud.lauriou at renater.fr> wrote:
>> On our eduroam proxy we use linelog modules in the post-auth section.
>> Recently, one of these linelog module failed and its 'fail' return code was
>> applied to requests in the post-auth section : Auth: (34463328) Rejected
>> in post-auth.
>>
>> Is there a way to have a 'soft failure' when the return code from linelog is 'fail' ?
> See doc/configuration/configurable_failover.rst
>
> linelog {
> fail = 1
> }
> ok
Not working for me, return status by f_ticks (linelog module) is still
'fail' :
(6117) Fri Sep 10 14:26:47 2021: Debug: if ("%{client:group}" ==
"eduroam_fr_sp") {
(6117) Fri Sep 10 14:26:47 2021: Debug: EXPAND %{client:group}
(6117) Fri Sep 10 14:26:47 2021: Debug: --> eduroam_fr_sp
(6117) Fri Sep 10 14:26:47 2021: Debug: if ("%{client:group}" ==
"eduroam_fr_sp") -> TRUE
(6117) Fri Sep 10 14:26:47 2021: Debug: if ("%{client:group}" ==
"eduroam_fr_sp") {
(6117) Fri Sep 10 14:26:47 2021: Debug: f_ticks: EXPAND
f_ticks.%{%{reply:Packet-Type}:-format}
(6117) Fri Sep 10 14:26:47 2021: Debug: f_ticks: -->
f_ticks.Access-Accept
(6117) Fri Sep 10 14:26:47 2021: Debug: f_ticks: EXPAND
F-TICKS/eduroam/1.0#REALM=%{Realm}#VISCOUNTRY=FR#VISINST=%{Operator-Name}#CSI=%{Calling-Station-Id}#RESULT=OK#
(6117) Fri Sep 10 14:26:47 2021: Debug: f_ticks: -->
F-TICKS/eduroam/1.0#REALM=etu.univ-amu.fr#VISCOUNTRY=FR#VISINST=#CSI=56-CA-25-B1-00-5B#RESULT=OK#
(6117) Fri Sep 10 14:26:47 2021: Debug: f_ticks: EXPAND
/var/log/radius/f_ticks
(6117) Fri Sep 10 14:26:47 2021: Debug: f_ticks: -->
/var/log/radius/f_ticks
(6117) Fri Sep 10 14:26:47 2021: Debug: [f_ticks] = fail
(6117) Fri Sep 10 14:26:47 2021: Debug: } # if ("%{client:group}" ==
"eduroam_fr_sp") = fail
(6117) Fri Sep 10 14:26:47 2021: Debug: } # post-auth = fail
The line 'fail = 1' is not displayed in debug mode:
# Loading module "f_ticks" from file /etc/freeradius/mods-enabled/f-ticks
linelog f_ticks {
filename = "/var/log/radius/f_ticks"
escape_filenames = no
syslog_severity = "info"
permissions = 416
format = ""
reference = "f_ticks.%{%{reply:Packet-Type}:-format}"
}
Arnaud
More information about the Freeradius-Users
mailing list