[RADIATOR] RejectReason Problem with AuthHANDLER

Alexander Hartmaier alexander.hartmaier at t-systems.at
Wed Jun 30 09:39:23 CDT 2010


Hi Hugh,

I can confirm that the latest patchset fixes the problem.

Thanks for the quick-as-usual fix!

-- 
Best regards, Alex


On Tuesday, 29.06.2010, at 05:47 +0200, Hugh Irvine wrote:
> Hello Alex -
> 
> Thanks for letting us know about this.
> 
> Should be fixed in the latest Radiator 4.6 patches.
> 
> regards
> 
> Hugh
> 
> 
> On 28 Jun 2010, at 18:35, Alexander Hartmaier wrote:
> 
> > Hi,
> > 
> > Radiator doesn't send the RejectReason when using AuthHANDLER but instead the hardcoded return string from AuthHANDLER.pm.
> > 
> > This is an excerpt of my config:
> > 
> > <Handler Client-Identifier="hostname" Request-Type="Access-Request">
> >     AuthByPolicy    ContinueUntilIgnore
> > 
> >     # Show any rejection reason to the end user
> >     RejectHasReason
> > 
> >     <AuthBy LDAP2>
> >         AuthAttrDef memberof,GENERIC,request
> > 
> >         # this populates Request:X-Identifier
> >         PostSearchHook file:"%D/ldap_authselect_by_group.pl"
> >     </AuthBy>
> > 
> >     <AuthBy HANDLER>
> >         HandlerId %{Request:X-Identifier}
> >     </AuthBy>
> > </Handler>
> > 
> > <Handler>
> >     Identifier reject
> > 
> >     # Show any rejection reason to the end user
> >     RejectHasReason
> > 
> >     <AuthBy INTERNAL>
> >         AuthResult REJECT
> >         RejectReason User isn't member of an OTP ldap group, rejecting
> >     </AuthBy>
> > </Handler>
> > 
> > This is the level 4 log where the issue can be seen:
> > 
> > Mon Jun 28 08:20:06 2010: DEBUG: Handling with AuthINTERNAL: 
> > Mon Jun 28 08:20:06 2010: DEBUG: AuthBy INTERNAL result: REJECT, User isn't member of an OTP ldap group, rejecting
> > Mon Jun 28 08:20:06 2010: DEBUG: AuthBy HANDLER result: REJECT, redirected by AuthHANDLER
> > Mon Jun 28 08:20:06 2010: INFO: Access rejected for test: redirected by AuthHANDLER
> > Mon Jun 28 08:20:06 2010: DEBUG: Packet dump:
> > *** Sending to 1.2.3.4 port 1025 ....
> > Code:       Access-Reject
> > Identifier: 1
> > Authentic:  <24>?N<127><151><193><229>Q<148><174>B!<1>^<233>*
> > Attributes:
> > Reply-Message = "redirected by AuthHANDLER"
> > 
> > 
> > -- 
> > Best regards, Alex


