Hi all,

Trying to use the provided ntlm_auth exec module to authenticate users where the NAS uses PAP, which works fine. I just want to improve my error reporting and pick up the return string from the failure of the module, e.g.:

    Exec plaintext: NT_STATUS_WRONG_PASSWORD: Wrong Password (0xc000006a)

Looking around on the internet it seems I might use something like:

    Auth-Type NTLM_AUTH {
        ntlm_auth
        if (ok) {
        }
        else {
            update reply {
                reply-message += "%{Module-Failure-Message}"
            }
        }
    }

But the else statement never seems to get processed:

    Exec output: NT_STATUS_WRONG_PASSWORD: Wrong Password (0xc000006a)
    Exec plaintext: NT_STATUS_WRONG_PASSWORD: Wrong Password (0xc000006a)
    [ntlm_auth] Exec: program returned: 1
    ++[ntlm_auth] returns reject
    Using Post-Auth-Type REJECT
    # Executing group from file /usr/local/etc/raddb/sites-enabled/default
    +- entering group REJECT {...}

Questions are: does the exec module return to the Module-Failure-Message variable or another I can use, and why doesn't it process the subsection of the auth-type section on failure?

Thanks
Andy