Never mind, if the external script contains errors, the hook isn't processed. It is displayed in the log at startup.
René

On 18-5-2011 14:11, René Hennequin wrote:
> Hi all,
>
> It looks like PostAuthHook isn't called from the TunnelledByTTLS=1 handler.
> The handler:
> <Handler TunnelledByTTLS=1, Realm=/(abc.nl)*/i>
> # Remove realms and other things
> RewriteUsername >>>>s/^([^@]+).*/$1/
> # connect to LDAP for authentication
> # may use both servers but first try local
> MaxSessions 3
> <AuthBy GROUP>
> AuthByPolicy ContinueWhileIgnore
> <AuthBy LDAP2>
> # host info
> Host 1.1.1.1
> Port 389
> Version 3
> NoDefault
> # If LDAP timeout occurs wait 60 seconds before retry ( default =
> 600 seconds)
> FailureBackoffTime 60
> # use application specific user
> AuthDN <snip>
> AuthPassword <snip>
> BaseDN dc=abc,dc=nl
> # get the user
> UsernameAttr uid
> PasswordAttr userPassword
> # return vlan id from ldap
> AuthAttrDef ipNetworkNumber, Tunnel-Private-Group-ID, reply
> </AuthBy>
> </AuthBy GROUP>
> PostAuthHook file:"%D/vlan-id-abc.pl"
> </Handler>
>
> The debug log:
> Wed May 18 13:38:20 2011: DEBUG: LDAP got userPassword: {SSHA}<snip>
> Wed May 18 13:38:20 2011: DEBUG: LDAP got ipNetworkNumber: 16
> Wed May 18 13:38:20 2011: DEBUG: Radius::AuthLDAP2 looks for match with
> abc [a...@abc.nl]
> Wed May 18 13:38:20 2011: DEBUG: Radius::AuthLDAP2 ACCEPT: : abc
> [a...@abc.nl]
> Wed May 18 13:38:20 2011: DEBUG: AuthBy GROUP result: ACCEPT,
> Wed May 18 13:38:20 2011: INFO: Access accepted for abc
> Wed May 18 13:38:20 2011: DEBUG: Returned TTLS tunnelled Diameter Packet
> dump:
> Code: Access-Accept
> Identifier: UNDEF
>
> Can someone confirm that PostAuthHook isn't called for TunnelledByTTLS=1
> handlers?
>
> Regards,
> René Hennequin
> Hogeschool van Amsterdam