----- Original Message ----- From: <[EMAIL PROTECTED]> > Hi. > I'm using FreeRadius 0.9.0 on RedHat Linux 9. > I'm using external program for authorizing users. When authorization is not > allowed, I'd like to inform my user about reason of failure so I'm > returning Reply-Message:="Some reason" in output from my program. > But, Free Radius always returns "external check failed".
The auth.c code always adds a reply-message attribute to the Auth-Reject when the external program returns something else than 0. I have patched the source code so it doesn't do this anymore. Here's the patch: --- src/main/auth.c.orig 2003-08-27 15:57:17.000000000 +0200 +++ src/main/auth.c 2003-08-27 16:02:34.000000000 +0200 @@ -805,15 +805,18 @@ * had a non-zero exit status. */ if (umsg[0] == '\0') { - user_msg = "\r\nAccess denied (external check failed)."; + /* Don't tell NAS that auth failed by external check */ + user_msg = NULL; } else { user_msg = &umsg[0]; } request->reply->code = PW_AUTHENTICATION_REJECT; - tmp = pairmake("Reply-Message", user_msg, T_OP_SET); - - pairadd(&request->reply->vps, tmp); + /* Only add reply-message when one is available */ + if (user_msg != NULL) { + tmp = pairmake("Reply-Message", user_msg, T_OP_SET); + pairadd(&request->reply->vps, tmp); + } rad_authlog("Login incorrect (external check failed)", request, 0); You also might want to following patch, which gets rid of the 'waiting for semaphore' warning: --- src/main/threads.c.orig 2003-08-29 13:53:41.000000000 +0200 +++ src/main/threads.c 2003-08-29 13:54:22.000000000 +0200 @@ -185,7 +185,12 @@ */ DEBUG2("Thread %d waiting to be assigned a request", self->thread_num); + re_wait: if (sem_wait(&self->semaphore) != 0) { + /* Go back to waiting if ok */ + if (errno == EINTR) { + goto re_wait; + } radlog(L_ERR, "Thread %d failed waiting for semaphore: %s: Exiting\n", self->thread_num, strerror(errno)); break; Regards, Thor. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html