Hello Alex - Thanks for letting us know about this.
Should be fixed in the latest Radiator 4.6 patches.

regards

Hugh

On 28 Jun 2010, at 18:35, Alexander Hartmaier wrote:

> Hi,
>
> Radiator doesn't send the RejectReason when using AuthHANDLER but instead the
> hardcoded return string from AuthHANDLER.pm.
>
> This is an excerpt of my config:
>
> <Handler Client-Identifier="hostname" Request-Type="Access-Request">
>     AuthByPolicy ContinueUntilIgnore
>
>     # Show any rejection reason to the end user
>     RejectHasReason
>
>     <AuthBy LDAP2>
>         AuthAttrDef memberof,GENERIC,request
>
>         # this populates Request:X-Identifier
>         PostSearchHook file:"%D/ldap_authselect_by_group.pl"
>     </AuthBy>
>
>     <AuthBy HANDLER>
>         HandlerId %{Request:X-Identifier}
>     </AuthBy>
> </Handler>
>
>
> <Handler>
>     Identifier reject
>
>     # Show any rejection reason to the end user
>     RejectHasReason
>
>     <AuthBy INTERNAL>
>         AuthResult REJECT
>         RejectReason User isn't member of an OTP ldap group, rejecting
>     </AuthBy>
> </Handler>
>
> This is the level 4 log where the issue can be seen:
>
> Mon Jun 28 08:20:06 2010: DEBUG: Handling with AuthINTERNAL:
> Mon Jun 28 08:20:06 2010: DEBUG: AuthBy INTERNAL result: REJECT, User isn't
> member of an OTP ldap group, rejecting
> Mon Jun 28 08:20:06 2010: DEBUG: AuthBy HANDLER result: REJECT, redirected by
> AuthHANDLER
> Mon Jun 28 08:20:06 2010: INFO: Access rejected for test: redirected by
> AuthHANDLER
> Mon Jun 28 08:20:06 2010: DEBUG: Packet dump:
> *** Sending to 1.2.3.4 port 1025 ....
> Code: Access-Reject
> Identifier: 1
> Authentic: <24>?N<127><151><193><229>Q<148><174>B!<1>^<233>*
> Attributes:
>     Reply-Message = "redirected by AuthHANDLER"
>
>
> --
> Best regards, Alex
>
> T-Systems Austria GesmbH Rennweg 97-99, 1030 Wien
> Handelsgericht Wien, FN 79340b

_______________________________________________
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
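
A log check for the behaviour reported in this thread, as an added example that is not part of the original messages and is not Radiator code: it scans a trace 4 log for rejects where the `redirected by AuthHANDLER` string replaced the inner RejectReason. The sample log is constructed from the lines in the report; the function names and the second request (reason passed through) are assumptions.

```python
import re

# Constructed sample in the trace 4 format quoted in the report (wrapped as in
# the mail). The second request is an assumed post-fix log, not real output.
SAMPLE_LOG = """\
Mon Jun 28 08:20:06 2010: DEBUG: AuthBy INTERNAL result: REJECT, User isn't
member of an OTP ldap group, rejecting
Mon Jun 28 08:20:06 2010: DEBUG: AuthBy HANDLER result: REJECT, redirected by
AuthHANDLER
Mon Jun 28 08:20:06 2010: INFO: Access rejected for test: redirected by
AuthHANDLER
Mon Jun 28 08:21:10 2010: DEBUG: AuthBy INTERNAL result: REJECT, no OTP group
Mon Jun 28 08:21:10 2010: DEBUG: AuthBy HANDLER result: REJECT, no OTP group
Mon Jun 28 08:21:10 2010: INFO: Access rejected for test2: no OTP group
"""

STAMP = re.compile(r"^\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}: (\w+): (.*)$")
RESULT = re.compile(r"^AuthBy (\S+) result: REJECT, (.*)$")
FINAL = re.compile(r"^Access rejected for (\S+): (.*)$")
PLACEHOLDER = "redirected by AuthHANDLER"  # string seen in the report's log


def unwrap(text):
    """Join continuation lines (no timestamp) onto the preceding log record."""
    records = []
    for line in text.splitlines():
        m = STAMP.match(line)
        if m:
            records.append(m.group(2))
        elif records and line.strip():
            records[-1] += " " + line.strip()
    return records


def masked_rejects(text):
    """Return (user, inner_reason) for rejects sent with the placeholder.
    Assumes one request's records are not interleaved with another's."""
    findings, inner = [], None
    for msg in unwrap(text):
        r = RESULT.match(msg)
        if r and r.group(2) != PLACEHOLDER:
            inner = r.group(2)  # specific reason from the redirected-to AuthBy
        f = FINAL.match(msg)
        if f:
            if f.group(2) == PLACEHOLDER and inner:
                findings.append((f.group(1), inner))
            inner = None  # the next request starts fresh
    return findings
```

An empty result from `masked_rejects` on a post-upgrade trace 4 log means no reject in that log lost its configured reason.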