two Reply-Message returned to NAS

Can Paçacı pacaci at servisnet.com.tr
Wed Jun 22 11:56:05 UTC 2022


OK when we correct the syntax as you can said now returned only one the 
"Wrong Password" Reply-Message to NAS. It is ok but;

the table radpostauth not updates as the Reply-Message (Wrong Password). 
It is blank, but when we request the wrong username it returned the 
correct reply-message "Reply-Message := "Please check your Username"  
and updates the reason field of the table radpostauth correctly. But 
when we request with the wrong password it doesnt update the reason 
field of the table radpostauth.

radclient test session with the wrong username, debug output: (updated 
correctly reason field)

(0) sql:    --> INSERT INTO radpostauth (reason,username, pass, reply, 
authdate,callingstationid,.... ) VALUES('Please check your 
Username','133 at kablonet', 'test123', 'Access-Reject', NOW......','','', 
'','','','','', '','','','', '','','','','')

reply-message to nas:

Received Access-Reject Id 103 from 127.0.0.1:1812 to 0.0.0.0:0 length 48
     Reply-Message = "Please check your Username"
(0) -: Expected Access-Accept got Access-Reject

----------------------------
radclient test session with the wrong password, debug output: ( NOT 
updated reason field)

(0) sql:    --> INSERT INTO radpostauth (reason,username, pass, reply, 
authdate,callingstationid,calledstationid,............... ) 
VALUES('','13 at kablonet', 'test1233', 'Access-Reject', 
NOW()..................','','', '','','','','', '','','','', '','','','','')

reply-message to nas:

Received Access-Reject Id 69 from 127.0.0.1:1812 to 0.0.0.0:0 length 37
     Reply-Message = " Wrong Password"
(0) -: Expected Access-Accept got Access-Reject


      sql{
         notfound = 1
         reject = 2
     }
     if(notfound){
         update reply {
             Reply-Message := "Please check your Username"
         }
         reject
     }
...
     Post-Auth-Type REJECT {
                 -sql
         update reply {
             Reply-Message = "%{Reply-Message} Wrong Password"
         }
..

Regards


On 6/20/22 15:12, Alan DeKok wrote:
> On Jun 20, 2022, at 5:48 AM, Can Paçacı<pacaci at servisnet.com.tr>  wrote:
>> We have an issue about reject message. As seen in the Figure , two reply messages were received. It must be only ' You are already loged in '
>>
>> image.png
>> One from simultaneous check setting (You are already loged in) and the other(wrong password) from etc/raddb/sites-enable/default  file. İf we deactivate wrong password-check part (in the below)  from ..raddb/sites-enable/default  file, the replay message is blank returned to NAS.
>    See "man users" or "man unlang".  And read the section on operators.
>
>>          ...
>>          Post-Auth-Type REJECT {
>>          update reply {
>>          Reply-Message +=   "%{Reply-Message} Wrong Password..."
>    That *adds* a Reply-Message.  If you want to over-write one, use ":=", not "+="
>
>    And use %{reply:Reply-Message} in the expansion, to refer to the reply list.  See again "man users" or "man unlang" for documentation.
>
>    Alan DeKok.
>
> -
> List info/subscribe/unsubscribe? Seehttp://www.freeradius.org/list/users.html

-- 
Can Paçacı
pacaci at servisnet.com.tr
Servisnet A.Ş.
Tel: 90 216 9999677
      90 530 5450952


More information about the Freeradius-Users mailing list