Thomas Jalsovsky <[EMAIL PROTECTED]> wrote:
> Sorry, I'm confusing.
> radiusd.c
> /*
> * Authentication REJECT's can have only
> * EAP-Message, Message-Authenticator
> * Reply-Message and Proxy-State.
> *
> * We delete everything other than these.
> * Proxy-State is added below, just before the
> * reply is sent.
> */
Yes, and look at the code just below that. It moves over
Vendor-Specific, too.
> request->reply->code = PW_AUTHENTICATION_REJECT;
> pairfree(&request->reply->vps);
> tmp = pairmake("Reply-Message", user_msg, T_OP_SET);
> request->reply->vps = tmp;
Hmm... that would appear to be a bug. The authentication code
SHOULD NOT play with the attributes. It should leave that to the main
code.
> So, if my perl script returns non-zero value (I reject the user), the
> radius server sends back PW_AUTHENTICATION_REJECT with only one attribut:
> Reply-Message. Where are the mentioned VSAs?
That's a problem. I'll see if I can fix it today or tomorrow.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
