On 02/26/2013 08:54 AM, Chitrang Srivastava wrote:
Hi,
Is their a way to return status code of an external script to the module.
Let me explain the problem:
PEAP-MSCHAPv2 with ldap and fallback is also there i.e. if ldap server
is not reachable do local auth.
Now mschapv2 authentication with ldap is to be done using ntlm_auth ,
So basically I want to know what ntlm_auth has returned ?
it actually returns "*Reading winbind reply failed! (0xc0000001) *" when
ldap is not reachable (net join has failed winbindd hasn't started)
ldap is reachable but userid/password incorrect *Logon failure
(0xc000006d) *
*
*
For both cases Exec is return reject=1 as module return code, radius
should only do local authentication ldap is not-reachable and not when
ldap reject , but because exec output is always reject I cant
distinguish the real cause of failure.
That's not actually the "exec" module; that's the mschap module
generating the return code.
Only way I can know what actually *ntlm_auth returns* ? if I know that I
can take decision in radiusd.conf.
You can't get the return code from an ntlm_auth exec, but you can get
the output - like this:
mschap
if (ok) {
...
}
else {
if (Module-Failure-Message =~ /.*logon fail.*/i) {
reject
}
else {
something_else
}
}
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
