RE: RV: radreply works even with access-reject
> > Hey, come on people ... just wanna know if this is normal > > or not > I want to get paid to answer questions here. Sadly, that > isn't happening. I have a theory: meanwhile rougher and sarcastic I put myself, more attention I receive > > The thing is that the user exists but there was a > > password failure > > ... and got the reply attributes I believe that if there is an > > access-reject with the authorize_check_query, authorize_reply_query > > should not be executed. > Then you don't understand how the server works. Hint: > those queries are run BEFORE authentication. Thanx for the hint, I got it now ... !!! > > Has anybody else got this error ? > > Search the list archives. I did ... thanx again ... > Alan DeKok. Best regards, Lucas -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.308 / Virus Database: 266.10.1 - Release Date: 20/04/2005 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Re: RV: radreply works even with access-reject
"Lucas Aimaretto" <[EMAIL PROTECTED]> wrote: > Hey, come on people ... just wanna know if this is normal or not I want to get paid to answer questions here. Sadly, that isn't happening. > But the thing is that the user exists but there was a password failure > ... and got the reply attributes I believe that if there is an > access-reject with the authorize_check_query, authorize_reply_query > should not be executed. Then you don't understand how the server works. Hint: those queries are run BEFORE authentication. > Has anybody else got this error ? Search the list archives. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RV: radreply works even with access-reject
> > > I have the following situation. The user XXX exists in > > > the radcheck table. He has its password and > > > everytingh works ok. Upon an access-request, > > > if user/password provided are ok, I get an > > > access-accept response with a reply containing the attribute > > > assigned to the XXX user in the radreply table. > > > > > > The rare ( rare? ) thing is the following: > > > > > > If the password provided is wrong, I get the > > > access-reject response, > > > but all the attributes in the radreply table are sent to > > > the nas ... > > > is this correct Because, I do not really want this to happen > > > ... > > > > > > Thank you in advance > > > > I've also discovered that when using CHAP, I get the > > access-reject, but the reply-attributes are sent. Whereas, > > when using Plain-text password ... I also get the > > access-reject, but no reply-attributes are sent. Any hint ? > > > > Any help ? > Hey, come on people ... just wanna know if this is normal or not I do not want to have to reply attributes if I got an access-reject, because of a password failure ... Obviously, if the user does not exist, I get no reply-attributes, buecasue the query at the radreply table gets nothing. But the thing is that the user exists but there was a password failure ... and got the reply attributes I believe that if there is an access-reject with the authorize_check_query, authorize_reply_query should not be executed. Has anybody else got this error ? Best Regards, Lucas -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.308 / Virus Database: 266.10.1 - Release Date: 20/04/2005 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RV: radreply works even with access-reject
> > I have the following situation. The user XXX exists in the > > radcheck table. He has its password and everytingh works ok. > > Upon an access-request, if user/password provided are ok, I > > get an access-accept response with a reply containing the > > attribute assigned to the XXX user in the radreply table. > > > > The rare ( rare? ) thing is the following: > > > > If the password provided is wrong, I get the access-reject > > response, but all the attributes in the radreply table are > > sent to the nas ... is this correct Because, I do not > > really want this to happen ... > > > > Thank you in advance > > I've also discovered that when using CHAP, I get the > access-reject, but the reply-attributes are sent. Whereas, > when using Plain-text password ... I also get the > access-reject, but no reply-attributes are sent. Any hint ? > > Regards, > > Lucas Any help ? Regards, Lucas -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.308 / Virus Database: 266.10.1 - Release Date: 20/04/2005 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
RV: radreply works even with access-reject
> I have the following situation. The user XXX exists in the > radcheck table. He has its password and everytingh works ok. > Upon an access-request, if user/password provided are ok, I > get an access-accept response with a reply containing the > attribute assigned to the XXX user in the radreply table. > > The rare ( rare? ) thing is the following: > > If the password provided is wrong, I get the access-reject > response, but all the attributes in the radreply table are > sent to the nas ... is this correct Because, I do not > really want this to happen ... > > Thank you in advance I've also discovered that when using CHAP, I get the access-reject, but the reply-attributes are sent. Whereas, when using Plain-text password ... I also get the access-reject, but no reply-attributes are sent. Any hint ? Regards, Lucas -- No virus found in this outgoing message. Checked by AVG Anti-Virus. Version: 7.0.308 / Virus Database: 266.9.17 - Release Date: 19/04/2005 - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
