[RADIATOR] PostAuthHook isn't called from a TunnelledByTTLS=1 handler
René Hennequin
R.V.Hennequin at hva.nl
Wed May 18 08:49:39 CDT 2011
Never mind, if the external script contains errors, the hook isn't
processed. It is displayed in the log at startup.
René
On 18-5-2011 14:11, René Hennequin wrote:
> Hi all,
>
> It looks like PostAuthHook isn't called from the TunnelledByTTLS=1 handler.
> The handler:
> <Handler TunnelledByTTLS=1, Realm=/(abc.nl)*/i>
> # Remove realms and other things
> RewriteUsername s/^([^@]+).*/$1/
> # connect to LDAP for authentication
> # may use both servers but first try local
> MaxSessions 3
> <AuthBy GROUP>
> AuthByPolicy ContinueWhileIgnore
> <AuthBy LDAP2>
> # host info
> Host 1.1.1.1
> Port 389
> Version 3
> NoDefault
> # If LDAP timeout occurs wait 60 seconds before retry (default = 600 seconds)
> FailureBackoffTime 60
> # use application specific user
> AuthDN <snip>
> AuthPassword <snip>
> BaseDN dc=abc,dc=nl
> # get the user
> UsernameAttr uid
> PasswordAttr userPassword
> # return vlan id from ldap
> AuthAttrDef ipNetworkNumber, Tunnel-Private-Group-ID, reply
> </AuthBy>
> </AuthBy GROUP>
> PostAuthHook file:"%D/vlan-id-abc.pl"
> </Handler>
>
> The debug log:
> Wed May 18 13:38:20 2011: DEBUG: LDAP got userPassword: {SSHA}<snip>
> Wed May 18 13:38:20 2011: DEBUG: LDAP got ipNetworkNumber: 16
> Wed May 18 13:38:20 2011: DEBUG: Radius::AuthLDAP2 looks for match with abc [abc at abc.nl]
> Wed May 18 13:38:20 2011: DEBUG: Radius::AuthLDAP2 ACCEPT: : abc [abc at abc.nl]
> Wed May 18 13:38:20 2011: DEBUG: AuthBy GROUP result: ACCEPT,
> Wed May 18 13:38:20 2011: INFO: Access accepted for abc
> Wed May 18 13:38:20 2011: DEBUG: Returned TTLS tunnelled Diameter Packet dump:
> Code: Access-Accept
> Identifier: UNDEF
>
> Can someone confirm that PostAuthHook isn't called for TunnelledByTTLS=1
> handlers?
>
> Regards,
> René Hennequin
> Hogeschool van Amsterdam
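
A pre-start check for the failure mode described in the reply above (a hook file that contains errors is not processed), as an added example that is not part of the original post or of Radiator. The function names `list_file_hooks` and `check_hooks` are hypothetical, and it assumes that `%D` expands to DbDir and that `perl -c` can find any modules the hook file loads.

```shell
#!/bin/sh
# Added example: find every file-based hook in a Radiator configuration
# and syntax-check the Perl file it points to before radiusd is started.

# list_file_hooks CONFIG DBDIR
# Prints "HookName path" for each  <Name>Hook file:"..."  line.
# %D in the path is replaced by DBDIR (assumption: %D means DbDir).
# Lines commented out with '#' are skipped.
list_file_hooks() {
    awk -v dbdir="$2" '
        /^[ \t]*[A-Za-z]+Hook[ \t]+file:"/ {
            name = $1
            path = $0
            sub(/^[^"]*"/, "", path)   # drop everything up to the opening quote
            sub(/".*$/, "", path)      # drop the closing quote and the rest
            gsub(/%D/, dbdir, path)
            print name " " path
        }' "$1"
}

# check_hooks CONFIG DBDIR
# Returns 0 only if every hook file is readable and compiles.
# A silent hook (as in the thread) then shows up as a FAIL line here
# instead of only in the startup log.
check_hooks() {
    failed=0
    while read -r name path; do
        [ -n "$name" ] || continue     # no hooks found: nothing to check
        if [ ! -r "$path" ]; then
            echo "FAIL $name: $path is missing or not readable"
            failed=1
        elif ! perl -c "$path" >/dev/null 2>&1; then
            echo "FAIL $name: $path does not compile (see: perl -c $path)"
            failed=1
        else
            echo "ok   $name: $path"
        fi
    done <<EOF
$(list_file_hooks "$1" "$2")
EOF
    return $failed
}

# Usage (paths are placeholders for your own installation):
#   check_hooks /path/to/radius.cfg /path/to/DbDir || exit 1
```
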