Re: Access-Reject in a php script
manIP wrote: Have you find out any solutions to that problem? There are whole hours when I don't read this list. I'm waiting for an answer before modifying the source code... May be, there is a bug and the official source code should be modified as Patric did. Yes, the debug output helped. It looks like it's an issue with src/main/exec.c. The code calling module_authorize() should treat FAIL the same as REJECT. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Access-Reject in a php script
Alan DeKok wrote:
Yes, the debug output helped. It looks like it's an issue with
src/main/exec.c. The code calling module_authorize() should treat FAIL
the same as REJECT.
Is that src/main/exec.c or src/main/auth.c?
If I look at src/main/auth.c I see the following :
int rad_authenticate(REQUEST *request)
{
...
/* Get the user's authorization information from the database */
autz_redo:
result = module_authorize(autz_type, request);
switch (result) {
case RLM_MODULE_NOOP:
case RLM_MODULE_NOTFOUND:
case RLM_MODULE_OK:
case RLM_MODULE_UPDATED:
break;
case RLM_MODULE_FAIL:
case RLM_MODULE_HANDLED:
return result;
case RLM_MODULE_INVALID:
case RLM_MODULE_REJECT:
case RLM_MODULE_USERLOCK:
default:
...
Is this the code you are referring to? Should RLM_MODULE_FAIL go in with
the last few that drop into the default case?
So this would fix it :
result = module_authorize(autz_type, request);
switch (result) {
case RLM_MODULE_NOOP:
case RLM_MODULE_NOTFOUND:
case RLM_MODULE_OK:
case RLM_MODULE_UPDATED:
break;
/*case RLM_MODULE_FAIL:*/
case RLM_MODULE_HANDLED:
return result;
case RLM_MODULE_FAIL:
case RLM_MODULE_INVALID:
case RLM_MODULE_REJECT:
case RLM_MODULE_USERLOCK:
default:
Makes sense, because the default case returns a reject...
Alan you are a genius!
Is this even considered a bug? Can we expect this to be changed in the
future?
Thanks a stack for all the time Alan!
--
Q: I want to be a sysadmin. What should I do?
A: Seek professional help.
--
Get a free email address with REAL anti-spam protection.
http://www.bluebottle.com/tag/1
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Access-Reject in a php script
Patric wrote:
Alan DeKok wrote:
Is that src/main/exec.c or src/main/auth.c?
Sorry, src/main/auth.c
If I look at src/main/auth.c I see the following :
int rad_authenticate(REQUEST *request)
{
...
/* Get the user's authorization information from the database */
autz_redo:
result = module_authorize(autz_type, request);
switch (result) {
case RLM_MODULE_NOOP:
case RLM_MODULE_NOTFOUND:
case RLM_MODULE_OK:
case RLM_MODULE_UPDATED:
break;
case RLM_MODULE_FAIL:
Delete this line.
case RLM_MODULE_HANDLED:
return result;
case RLM_MODULE_INVALID:
Put a copy of that line here.
case RLM_MODULE_REJECT:
case RLM_MODULE_USERLOCK:
default:
...
Is this the code you are referring to? Should RLM_MODULE_FAIL go in with
the last few that drop into the default case?
Yes.
Makes sense, because the default case returns a reject...
Alan you are a genius!
Sometimes. If you look at who wrote that code in the first place...
Is this even considered a bug? Can we expect this to be changed in the
future?
Yes.
Thanks a stack for all the time Alan!
You're welcome.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Access-Reject in a php script
Alan DeKok wrote: Is this even considered a bug? Can we expect this to be changed in the future? Yes. Not sure if you looked at the changes I originally made to rlm_exec.c but if you did, I was curious as to whether those changes contradicted the FreeRadius RFC's at all? I dont *think* so, but you never know :] -- Q: I want to be a sysadmin. What should I do? A: Seek professional help. -- Get a free email address with REAL anti-spam protection. http://www.bluebottle.com/tag/1 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Access-Reject in a php script
Hi, Have you find out any solutions to that problem? I'm waiting for an answer before modifying the source code... May be, there is a bug and the official source code should be modified as Patric did. Cheers! Khalid :) Hi all, Thanks again! I've tried to put return(2) and it does not work because my client receives an Access-Accept. If I let exit(2), the server does not send anything so the client fall in time out. The user will not have access but he will make many attempts as long as he does not receive an Access-Reject packet. Furthermore, he needs to know what is going on... BTW, I'm using the NTRadPing Test Utility client. hereunder is the output debug: Module: Instantiated realm (suffix) exec: wait = yes exec: program = /home/authentication.php exec: input_pairs = request exec: output_pairs = reply exec: packet_type = Access-Request Module: Instantiated exec (myauth) Module: Instantiated files (files) exec: wait = yes exec: program = /home/accounting.php exec: input_pairs = request exec: output_pairs = reply exec: packet_type = Accounting-Request Module: Instantiated exec (myacct) rad_recv: Access-Request packet from host x.x.x.x:2658, id=49, length=58 User-Name = xxx User-Password = xxx Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module preprocess returns ok for request 0 modcall[authorize]: module chap returns noop for request 0 modcall[authorize]: module mschap returns noop for request 0 rlm_realm: Looking up realm xxx for User-Name = xxx rlm_realm: No such realm modcall[authorize]: module suffix returns noop for request 0 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module eap returns noop for request 0 Exec-Program output: Exec-Program: returned: 2 rlm_exec (myauth): External script failed modcall[authorize]: module myauth returns fail for request 0 modcall: leaving group authorize (returns fail) for request 0 Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host x, id=49, length=58 Discarding duplicate request from client - ID: 49 --- Walking the entire request list --- Waking up in 2 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 49 with timestamp 4721d900 Nothing to do. Sleeping until we see a request. Thank you very much anyway! Patric wrote: Something just occurred to me that I dont think I tried before. What happens if instead of doing an exit(2); you do a return(2); This way your script will still exit clean, so freeradius wont pick it up as a script failure, but hopefully will still get the result? No. If the script succeeds, the output is either a text message, or RADIUS attributes that go into an Access-Accept. If the script fails, the server sends an Access-Reject. Stop playing games with PHP and post the output of radiusd -X. I'll bet money that the solution is right there in the debug output. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Access-Reject in a php script
Alan DeKok wrote: There is no need to change the code. If your script exits with a non-zero exit code, then the authentication fails. If this isn't happening, then something else is going on, or you're not doing what you're saying you're doing. Rather than discuss what you think you're doing, post the debug output. This is in the FAQ, README, and INSTALL. The debug output WILL tell you what's going on. There is no extra magic we have in reading the debug output. But we READ IT. Alan DeKok. I am sure that Alan is correct here, otherwise many other users would have the same problem. With such a large user base, there *must* be other people using php authentication scripts, yet so far only 2 of us have battled?! Something just occurred to me that I dont think I tried before. What happens if instead of doing an exit(2); you do a return(2); This way your script will still exit clean, so freeradius wont pick it up as a script failure, but hopefully will still get the result? -- Q: I want to be a sysadmin. What should I do? A: Seek professional help. -- Finally - A spam blocker that actually works. http://www.bluebottle.com/tag/4 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Access-Reject in a php script
manIP wrote: 1) if there is a server timeout, is it assumed as an Access-reject (or does the user will be given access ?) Yes. 2) for instance, executing a script from another language which exit 2 from PHP...I tried it with a sh script and it does not work Nonsense. See the FAQ for it doesn't work. 3) If I reply with a Session-Timeout := 0...may be it will be the same effect (I know it is not clean but I have no other choice No. 4) If the previous solutions do not work, I will probably have to change the code...so Patric, I think the name of the file has changed: it is rlm_exec.c instead of exec.c. Also, After compiling it, could you give some hints to uninstall the previous version and to install the new version properly. There is no need to change the code. If your script exits with a non-zero exit code, then the authentication fails. If this isn't happening, then something else is going on, or you're not doing what you're saying you're doing. Rather than discuss what you think you're doing, post the debug output. This is in the FAQ, README, and INSTALL. The debug output WILL tell you what's going on. There is no extra magic we have in reading the debug output. But we READ IT. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Access-Reject in a php script
Hi everyone! Thank your for your answers... Alan, Patric has totally right. I've set the reject_delay to 0 and the result was the same. I really don't want to touch to the source code and I am sure we can find another way 1) if there is a server timeout, is it assumed as an Access-reject (or does the user will be given access ?) 2) for instance, executing a script from another language which exit 2 from PHP...I tried it with a sh script and it does not work 3) If I reply with a Session-Timeout := 0...may be it will be the same effect (I know it is not clean but I have no other choice 4) If the previous solutions do not work, I will probably have to change the code...so Patric, I think the name of the file has changed: it is rlm_exec.c instead of exec.c. Also, After compiling it, could you give some hints to uninstall the previous version and to install the new version properly. Thank you for your comprehension. Khalid ps:Sorry, I sent that email twice but the Subject of the previous one was wrong. manIP wrote: Hi, I have put exit(2) but as Patric said, freeradius thinks that the script failed and does not respond to the access-request. In the client side, there is a server time out...I don't know if that server time out is assumed as an Access-Reject? No it does not assume an access-reject - it registers it as no response, which is undesirable. As Alan said : It delays the Access-Reject. See the debug output. I tried setting reject_delay = 0 in the radius.conf but that did not help. May be the problem comes from PHP and I could use the UNIX system() function send back the code 2. I believe that this specific scenario only occurs with PHP as I said before, because of the way it sends its status codes (in the exit call). I don't know how else to do it, which is why I changed the code for my use... -- Q: I want to be a sysadmin. What should I do? A: Seek professional help. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Access-Reject in a php script
manIP wrote: Hi everyone! Thank your for your answers... Alan, Patric has totally right. I've set the reject_delay to 0 and the result was the same. I really don't want to touch to the source code and I am sure we can find another way 1) if there is a server timeout, is it assumed as an Access-reject (or does the user will be given access ?) It is not assumed as an access-reject, it is taken as a no-response, which is not desirable, but the outcome is the same - The user will be denied access. 2) for instance, executing a script from another language which exit 2 from PHP...I tried it with a sh script and it does not work 3) If I reply with a Session-Timeout := 0...may be it will be the same effect (I know it is not clean but I have no other choice I dont think you want to do this. If for example, the client has been set to reconnect on disconnect, you will be flooded with connection attempts. 4) If the previous solutions do not work, I will probably have to change the code...so Patric, I think the name of the file has changed: it is rlm_exec.c instead of exec.c. Also, After compiling it, could you give some hints to uninstall the previous version and to install the new version properly. Yes the file name is rlm_exec.c What I did was download the source rpm, install it, make the changes in the /usr/src/redhat/BUILD/ directory, change the version in the spec file, and build an rpm. This way you can manage your installation much better. Thank you for your comprehension. Khalid HTH -- Q: I want to be a sysadmin. What should I do? A: Seek professional help. -- Finally - A spam blocker that actually works. http://www.bluebottle.com/tag/4 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Access-Reject in a php script
Patric wrote: Something just occurred to me that I dont think I tried before. What happens if instead of doing an exit(2); you do a return(2); This way your script will still exit clean, so freeradius wont pick it up as a script failure, but hopefully will still get the result? No. If the script succeeds, the output is either a text message, or RADIUS attributes that go into an Access-Accept. If the script fails, the server sends an Access-Reject. Stop playing games with PHP and post the output of radiusd -X. I'll bet money that the solution is right there in the debug output. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Access-Reject in a php script
Alan DeKok wrote:
Patric wrote:
Something just occurred to me that I dont think I tried before.
What happens if instead of doing an
exit(2);
you do a
return(2);
This way your script will still exit clean, so freeradius wont pick it
up as a script failure, but hopefully will still get the result?
No. If the script succeeds, the output is either a text message, or
RADIUS attributes that go into an Access-Accept.
If the script fails, the server sends an Access-Reject.
Stop playing games with PHP and post the output of radiusd -X. I'll
bet money that the solution is right there in the debug output.
According to the code you are 100% correct :
result = radius_exec_program(inst-program, request,
inst-wait, NULL, 0,
in, answer);
if (result != 0) {
radlog(L_ERR, rlm_exec (%s): External script failed,
inst-xlat_name);
return RLM_MODULE_FAIL;
}
For some reason I could not get freeradius to return an access-reject
before the request timed out, even when I set reject_delay = 0
I think I understand you now, and that is where my problem lay - I
should have figured out why the reject was not being sent back in time,
instead of changing the code?
Is that right?
--
Q: I want to be a sysadmin. What should I do?
A: Seek professional help.
--
Get a free email account with anti spam protection.
http://www.bluebottle.com/tag/2
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Access-Reject in a php script (manIP)
Hi, I have a working PHP script that may help. You can load it from http://swarmhotspots.com/bb.php.txt The sript is designed to reply to Chillispot authentication requests but should be easy to modify for other NAS's. Hope it helps. Regards, Sean Bracken http://swarmhotspots.com - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Access-Reject in a php script
Hi all, Thanks again! I've tried to put return(2) and it does not work because my client receives an Access-Accept. If I let exit(2), the server does not send anything so the client fall in time out. The user will not have access but he will make many attempts as long as he does not receive an Access-Reject packet. Furthermore, he needs to know what is going on... BTW, I'm using the NTRadPing Test Utility client. hereunder is the output debug: Module: Instantiated realm (suffix) exec: wait = yes exec: program = /home/authentication.php exec: input_pairs = request exec: output_pairs = reply exec: packet_type = Access-Request Module: Instantiated exec (myauth) Module: Instantiated files (files) exec: wait = yes exec: program = /home/accounting.php exec: input_pairs = request exec: output_pairs = reply exec: packet_type = Accounting-Request Module: Instantiated exec (myacct) rad_recv: Access-Request packet from host x.x.x.x:2658, id=49, length=58 User-Name = xxx User-Password = xxx Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module preprocess returns ok for request 0 modcall[authorize]: module chap returns noop for request 0 modcall[authorize]: module mschap returns noop for request 0 rlm_realm: Looking up realm xxx for User-Name = xxx rlm_realm: No such realm modcall[authorize]: module suffix returns noop for request 0 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module eap returns noop for request 0 Exec-Program output: Exec-Program: returned: 2 rlm_exec (myauth): External script failed modcall[authorize]: module myauth returns fail for request 0 modcall: leaving group authorize (returns fail) for request 0 Finished request 0 Going to the next request --- Walking the entire request list --- Waking up in 6 seconds... rad_recv: Access-Request packet from host x, id=49, length=58 Discarding duplicate request from client - ID: 49 --- Walking the entire request list --- Waking up in 2 seconds... --- Walking the entire request list --- Cleaning up request 0 ID 49 with timestamp 4721d900 Nothing to do. Sleeping until we see a request. Thank you very much anyway! Patric wrote: Something just occurred to me that I dont think I tried before. What happens if instead of doing an exit(2); you do a return(2); This way your script will still exit clean, so freeradius wont pick it up as a script failure, but hopefully will still get the result? No. If the script succeeds, the output is either a text message, or RADIUS attributes that go into an Access-Accept. If the script fails, the server sends an Access-Reject. Stop playing games with PHP and post the output of radiusd -X. I'll bet money that the solution is right there in the debug output. Alan DeKok. -- - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html End of Freeradius-Users Digest, Vol 30, Issue 97 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Access-Reject in a php script
manIP wrote: hereunder is the output debug: rad_recv: Access-Request packet from host x.x.x.x:2658, id=49, length=58 User-Name = xxx User-Password = xxx Processing the authorize section of radiusd.conf modcall: entering group authorize for request 0 modcall[authorize]: module preprocess returns ok for request 0 modcall[authorize]: module chap returns noop for request 0 modcall[authorize]: module mschap returns noop for request 0 rlm_realm: Looking up realm xxx for User-Name = xxx rlm_realm: No such realm modcall[authorize]: module suffix returns noop for request 0 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module eap returns noop for request 0 Exec-Program output: Exec-Program: returned: 2 rlm_exec (myauth): External script failed modcall[authorize]: module myauth returns fail for request 0 modcall: leaving group authorize (returns fail) for request 0 Finished request 0 Going to the next request For comparison sake here is my debug output (running on my modified code): rad_recv: Access-Request packet from host xxx.xxx.xxx.xxx:, id=146, length=159 Framed-Protocol = PPP User-Name = xyz User-Password = 123 NAS-Port-Type = Virtual NAS-Port = NAS-Port-Id = x/x/x/xx.xx Connect-Info = AutoShaped Service-Type = Framed-User NAS-IP-Address = xxx.xxx.xxx.xxx Proxy-State = 0x313938 Processing the authorize section of radiusd.conf modcall: entering group authorize for request 9 modcall[authorize]: module preprocess returns ok for request 9 modcall[authorize]: module chap returns noop for request 9 modcall[authorize]: module mschap returns noop for request 9 rlm_realm: Looking up realm myrealm.com for User-Name = xyz rlm_realm: No such realm myrealm.com modcall[authorize]: module suffix returns noop for request 9 rlm_eap: No EAP-Message, not doing EAP modcall[authorize]: module eap returns noop for request 9 users: Matched entry DEFAULT at line 54 modcall[authorize]: module files returns ok for request 9 radius_xlat: 'u:xyz' radius_xlat: 'p:123' Exec-Program output: Exec-Program: returned: 0 rlm_exec (exec-radauth): External script rejected user modcall[authorize]: module exec-radauth returns reject for request 9 modcall: leaving group authorize (returns reject) for request 9 Invalid user: [xyz/123] (from client abcd port 123456789) Sending Access-Reject of id 146 to xxx.xxx.xxx.xxx port Proxy-State = 0x313938 Finished request 9 Going to the next request Obviously my changes make it different... I would be very interested to find out what we are doing wrong, as I'm sure you can imagine I would much rather be running the official version of the code! Thanks for all the time Alan, it is as always much appreciated -- Q: I want to be a sysadmin. What should I do? A: Seek professional help. -- Get a free email account with anti spam protection. http://www.bluebottle.com/tag/2 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Access-Reject in a php script
[EMAIL PROTECTED] wrote: Hi, echo Session-Timeout:=100; else echo Access-Reject; //NOT WORKING!! hmmm, normally/properly you dont send such attributes back - thats a server job. you should simply exit with the return code that equals reject. alan That is correct. I had exactly the same problem and it took me a good while to figure out. I am still not certain if what I did was correct as far as how freeradius was designed, but it worked perfectly for me (and still is), so I am happy with the changes. I posted them to the list back then, check it out here: http://lists.cistron.nl/pipermail/freeradius-users/2007-May/063112.html What I found was that unlike perl and other languages where you can return an error code and exit clean, with PHP you have to exit with that error code - EG: exit(2); But when you exit(2) in PHP, freeradius thinks that the script failed and does not respond to the access-request... HTH Patric -- Q: I want to be a sysadmin. What should I do? A: Seek professional help. -- Find out how you can get spam free email. http://www.bluebottle.com/tag/3 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Access-Reject in a php script
Patric wrote: But when you exit(2) in PHP, freeradius thinks that the script failed and does not respond to the access-request... It delays the Access-Reject. See the debug output. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Access-Reject in a php script
Alan DeKok wrote: Patric wrote: But when you exit(2) in PHP, freeradius thinks that the script failed and does not respond to the access-request... It delays the Access-Reject. See the debug output. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Ah is that what happens! That delay was causing the access requests time out, and it appeared from the NAS point of view that it was getting no response... Thanks Alan -- Q: I want to be a sysadmin. What should I do? A: Seek professional help. -- Finally - A spam blocker that actually works. http://www.bluebottle.com/tag/4 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Access-Reject in a php script
Hi, I have put exit(2) but as Patric said, freeradius thinks that the script failed and does not respond to the access-request. In the client side, there is a server time out...I don't know if that server time out is assumed as an Access-Reject? May be the problem comes from PHP and I could use the UNIX system() function send back the code 2. Please, if you have a better solution, I would be very grateful! Cheers. Khalid Alan DeKok wrote: Patric wrote: But when you exit(2) in PHP, freeradius thinks that the script failed and does not respond to the access-request... It delays the Access-Reject. See the debug output. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html Ah is that what happens! That delay was causing the access requests time out, and it appeared from the NAS point of view that it was getting no response... Thanks Alan -- Q: I want to be a sysadmin. What should I do? A: Seek professional help. -- Finally - A spam blocker that actually works. http://www.bluebottle.com/tag/4 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Access-Reject in a php script
manIP wrote: Hi, I have put exit(2) but as Patric said, freeradius thinks that the script failed and does not respond to the access-request. In the client side, there is a server time out...I don't know if that server time out is assumed as an Access-Reject? No it does not assume an access-reject - it registers it as no response, which is undesirable. As Alan said : It delays the Access-Reject. See the debug output. I tried setting reject_delay = 0 in the radius.conf but that did not help. May be the problem comes from PHP and I could use the UNIX system() function send back the code 2. I believe that this specific scenario only occurs with PHP as I said before, because of the way it sends its status codes (in the exit call). I don't know how else to do it, which is why I changed the code for my use... -- Q: I want to be a sysadmin. What should I do? A: Seek professional help. -- Free pop3 email with a spam filter. http://www.bluebottle.com/tag/5 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Access-Reject in a php script
manIP wrote: I have put exit(2) but as Patric said, freeradius thinks that the script failed and does not respond to the access-request. In the client side, there is a server time out...I don't know if that server time out is assumed as an Access-Reject? Set reject_delay = 0 in radiusd.conf. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Access-Reject in a php script
Hi all! I am using a script for the authentication and it is working well. I can send a list of attributes without any problem. Now I want to send an Access-Reject if the authentication fails but I do not know how...I would be very grateful if someone could tell me how to do so. herein is a test script: #!/usr/bin/php ?php $argv = $_SERVER['argv']; if ( $argv[1] == toto) echo Session-Timeout:=100; else echo Access-Reject; //NOT WORKING!! ? Thanks a lot for your assistance Khalid :) - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Access-Reject in a php script
manIP wrote: I am using a script for the authentication and it is working well. I can send a list of attributes without any problem. Now I want to send an Access-Reject if the authentication fails but I do not know how...I would be very grateful if someone could tell me how to do so. herein is a test script: #!/usr/bin/php ?php $argv = $_SERVER['argv']; if ( $argv[1] == toto) echo Session-Timeout:=100; else echo Access-Reject; //NOT WORKING!! It's not documented as doing that. Have the script return an error, and no output. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: Access-Reject in a php script
Hi, echo Session-Timeout:=100; else echo Access-Reject; //NOT WORKING!! hmmm, normally/properly you dont send such attributes back - thats a server job. you should simply exit with the return code that equals reject. alan - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
