(RADIATOR) Failure reason accessibility
Hugh Irvine
hugh at open.com.au
Wed Oct 22 17:34:41 CDT 2003
Hello Jeremy -
You could do something along the lines of what you show below by using
an OSC-AVPAIR, but you will need to do some experiments as Reject
handling is different and you may need to use a hook to manipulate the
reply packet. There are some example hooks in the file
"goodies/hooks.txt".
regards
Hugh
On Thursday, Oct 23, 2003, at 05:23 Australia/Melbourne, Jeremy Hinton
wrote:
>
> Is there any way inside a <Handler> clause to access the reason for
> the current requests failing, as it is accessible via %1 in an
> <AuthLog> clause? I would like to be able to pass back the actual
> failure reason to the client instead of the cryptic
> Reply-Message="Request Denied". Something along the lines of the
> following, where %x is the var for the failure reason:
>
> <Handler>
> SessionDatabase SDB_SQL
> AuthBy Auth_SQL
>
> StripFromReply Reply-Message
> AddToReply Reply-Message=%x
> </Handler>
>
> The reason for this is we are migrating to using an AuthBy RADIUS
> setup, where one server proxies to another. Unfortunately, on the
> proxy/ front end server, the %1/Reason in an AuthLog SQL clause is
> always set to "Proxy" on all login failures, instead of the normally
> descriptive failure reason. I realize this is because the proxy server
> has no way of knowing what the failure reason is from the server its
> passing the request to. Hence, my need to have the back-end server
> insert the failure text into the reply packet. Then i can structure
> the AuthLog SQL insert statement on my front end server to log
> '%{Reply:Reply-Message}' instead of %1 for the failure reason. Does
> this make sense?
>
> - jeremy
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>
NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list