[RADIATOR] RejectReason Problem with AuthHANDLER

Alexander Hartmaier alexander.hartmaier at t-systems.at
Mon Jun 28 03:35:11 CDT 2010


Hi,

Radiator doesn't send the RejectReason when using AuthHANDLER but instead the hardcoded return string from AuthHANDLER.pm.

This is an excerpt of my config:

<Handler Client-Identifier="hostname" Request-Type="Access-Request">
    AuthByPolicy    ContinueUntilIgnore

    # Show any rejection reason to the end user
    RejectHasReason

    <AuthBy LDAP2>
        AuthAttrDef memberof,GENERIC,request

        # this populates Request:X-Identifier
        PostSearchHook file:"%D/ldap_authselect_by_group.pl"
    </AuthBy>

    <AuthBy HANDLER>
        HandlerId %{Request:X-Identifier}
    </AuthBy>
</Handler>


<Handler>
    Identifier reject

    # Show any rejection reason to the end user
    RejectHasReason

    <AuthBy INTERNAL>
        AuthResult REJECT
        RejectReason User isn't member of an OTP ldap group, rejecting
    </AuthBy>
</Handler>

This is the level 4 log where the issue can be seen:

Mon Jun 28 08:20:06 2010: DEBUG: Handling with AuthINTERNAL:
Mon Jun 28 08:20:06 2010: DEBUG: AuthBy INTERNAL result: REJECT, User isn't member of an OTP ldap group, rejecting
Mon Jun 28 08:20:06 2010: DEBUG: AuthBy HANDLER result: REJECT, redirected by AuthHANDLER
Mon Jun 28 08:20:06 2010: INFO: Access rejected for test: redirected by AuthHANDLER
Mon Jun 28 08:20:06 2010: DEBUG: Packet dump:
*** Sending to 1.2.3.4 port 1025 ....
Code:       Access-Reject
Identifier: 1
Authentic:  <24>?N<127><151><193><229>Q<148><174>B!<1>^<233>*
Attributes:
Reply-Message = "redirected by AuthHANDLER"




--
Best regards, Alex





*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
T-Systems Austria GesmbH Rennweg 97-99, 1030 Wien
Handelsgericht Wien, FN 79340b
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
Notice: This e-mail contains information that is confidential and may be privileged.
If you are not the intended recipient, please notify the sender and then
delete this e-mail immediately.
*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.open.com.au/pipermail/radiator/attachments/20100628/4f6783d3/attachment.html 


More information about the radiator mailing list