Hey, Just to be sure I'm not banging my head around this - is it a known issue where for a defined exec module which is later used in the authorize { } section, if it returns -1 to reject the user then freeradius doesn't return an access-reject and the request simply times out?
Debug log: rad_recv: Access-Request packet from host x.x.x.x:54545, id=150, length=59 User-Name = "test" User-Password = "test" NAS-IP-Address = 255.255.255.255 NAS-Port = 1812 Thu May 6 18:45:00 2010 : Debug: Processing the authorize section of radiusd.conf Thu May 6 18:45:00 2010 : Debug: modcall: entering group authorize for request 9 Thu May 6 18:45:00 2010 : Debug: modsingle[authorize]: calling preprocess (rlm_preprocess) for request 9 Thu May 6 18:45:00 2010 : Debug: modsingle[authorize]: returned from preprocess (rlm_preprocess) for request 9 Thu May 6 18:45:00 2010 : Debug: modcall[authorize]: module "preprocess" returns ok for request 9 Thu May 6 18:45:00 2010 : Debug: modsingle[authorize]: calling chap (rlm_chap) for request 9 Thu May 6 18:45:00 2010 : Debug: modsingle[authorize]: returned from chap (rlm_chap) for request 9 Thu May 6 18:45:00 2010 : Debug: modcall[authorize]: module "chap" returns noop for request 9 Thu May 6 18:45:00 2010 : Debug: modsingle[authorize]: calling mschap (rlm_mschap) for request 9 Thu May 6 18:45:00 2010 : Debug: modsingle[authorize]: returned from mschap (rlm_mschap) for request 9 Thu May 6 18:45:00 2010 : Debug: modcall[authorize]: module "mschap" returns noop for request 9 Thu May 6 18:45:00 2010 : Debug: modsingle[authorize]: calling suffix (rlm_realm) for request 9 Thu May 6 18:45:00 2010 : Debug: rlm_realm: No '@' in User-Name = "test", looking up realm NULL Thu May 6 18:45:00 2010 : Debug: rlm_realm: No such realm "NULL" Thu May 6 18:45:00 2010 : Debug: modsingle[authorize]: returned from suffix (rlm_realm) for request 9 Thu May 6 18:45:00 2010 : Debug: modcall[authorize]: module "suffix" returns noop for request 9 Thu May 6 18:45:00 2010 : Debug: modsingle[authorize]: calling files (rlm_files) for request 9 Thu May 6 18:45:00 2010 : Debug: modsingle[authorize]: returned from files (rlm_files) for request 9 Thu May 6 18:45:00 2010 : Debug: modcall[authorize]: module "files" returns notfound for request 9 Thu May 6 18:45:00 2010 : Debug: modsingle[authorize]: calling auth-script (rlm_exec) for request 9 Thu May 6 18:45:00 2010 : Debug: Exec-Program output: Access-Reject Thu May 6 18:45:00 2010 : Debug: Exec-Program-Wait: plaintext: Access-Reject Thu May 6 18:45:00 2010 : Debug: Exec-Program: returned: 255 Thu May 6 18:45:00 2010 : Error: rlm_exec (auth-script): External script failed Thu May 6 18:45:00 2010 : Debug: modsingle[authorize]: returned from auth-script (rlm_exec) for request 9 Thu May 6 18:45:00 2010 : Debug: modcall[authorize]: module "auth-script" returns fail for request 9 Thu May 6 18:45:00 2010 : Debug: modcall: leaving group authorize (returns fail) for request 9 Thu May 6 18:45:00 2010 : Debug: Finished request 9 Thu May 6 18:45:00 2010 : Debug: Going to the next request Thu May 6 18:45:00 2010 : Debug: --- Walking the entire request list --- Regards, Liran.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html