Post-Auth-Type reject not insert in radpostauth table

classic Classic list List threaded Threaded
2 messages Options
| Threaded
Open this post in threaded view
|

Post-Auth-Type reject not insert in radpostauth table

Users mailing list
hi there,I have freeradius version3  which has an external authentication script in the users file

this is the users  file content



DEFAULT Auth-Type := accept
   Exec-Program-Wait="/usr/bin/php /var/www/html/cloudradius/captiveportal/auth.php \"%{User-Name}\" \"%{User-Password}\" \"%{Calling-Station-Id}\" \"%{NAS-Port}\" \"%{NAS-IP-Address}\"


and this is the post auth section in default file under sites-enables

post-auth {
  reply_log
exec
 sql
    Post-Auth-Type reject {


sql
                attr_filter.access_reject

        }

}

and this is the output which is returned from my external script  in reject status
Reply-Message="User not found"

the problem is when I get rejected user it is not insert  in radpost auth rable but it insert without any problem when I get accepted user
this is the debug when I get rejected user
(0) # Executing section post-auth from file /usr/local/etc/raddb/sites-enabled/default
(0)   post-auth {
(0) reply_log: EXPAND /usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d
(0) reply_log:    --> /usr/local/var/log/radius/radacct/127.0.0.1/reply-detail-20200913
(0) reply_log: /usr/local/var/log/radius/radacct/%{%{Packet-Src-IP-Address}:-%{Packet-Src-IPv6-Address}}/reply-detail-%Y%m%d expands to /usr/local/var/log/radius/radacct/127.0.0.1/reply-detail-20200913
(0) reply_log: EXPAND %t
(0) reply_log:    --> Sun Sep 13 23:40:40 2020
(0)     [reply_log] = ok
(0) exec: Executing: /usr/bin/php /var/www/html/cloudradius/captiveportal/auth.php "28:C6:8E:3F:6E:dB1" "1234" "28:C6:8E:3F:6E:BB" "102" "103.81.214.233" "PPP" "192.168.0.1" "" "nas":
(0) exec: ERROR: Program returned code (1) and output 'Reply-Message="User not found"'
(0)     [exec] = reject
(0)   } # post-auth = reject
(0) EXPAND User : %{User-Name}, MAC : %{Calling-Station-Id}, Nas : %{NAS-IP-Address}, Nas Port : %{NAS-Port-Id}, Ip : %{Framed-IP-Address}
(0)    --> User : 28:C6:8E:3F:6E:dB1, MAC : 28:C6:8E:3F:6E:BB, Nas : 103.81.214.233, Nas Port : , Ip : 192.168.0.1
(0) Rejected in post-auth: [28:C6:8E:3F:6E:dB1/1234] (from client localhost port 102 cli 28:C6:8E:3F:6E:BB) User : 28:C6:8E:3F:6E:dB1, MAC : 28:C6:8E:3F:6E:BB, Nas : 103.81.214.233, Nas Port : , Ip : 192.168.0.1
(0) EXPAND User : %{User-Name}, MAC : %{Calling-Station-Id}, Nas : %{NAS-IP-Address}, Nas Port : %{NAS-Port-Id}, Ip : %{Framed-IP-Address}
(0)    --> User : 28:C6:8E:3F:6E:dB1, MAC : 28:C6:8E:3F:6E:BB, Nas : 103.81.214.233, Nas Port : , Ip : 192.168.0.1
(0) Login incorrect (exec: Program returned code (1) and output 'Reply-Message="User not found"'): [28:C6:8E:3F:6E:dB1/1234] (from client localhost port 102 cli 28:C6:8E:3F:6E:BB) User : 28:C6:8E:3F:6E:dB1, MAC : 28:C6:8E:3F:6E:BB, Nas : 103.81.214.233, Nas Port : , Ip : 192.168.0.1
(0) Delaying response for 1.000000 seconds
Waking up in 0.2 seconds.








-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
| Threaded
Open this post in threaded view
|

Re: Post-Auth-Type reject not insert in radpostauth table

Alan DeKok-2
On Sep 13, 2020, at 2:43 PM, Muhammed Buvaydani via Freeradius-Users <[hidden email]> wrote:
>
> the problem is when I get rejected user it is not insert  in radpost auth rable but it insert without any problem when I get accepted user

  You should run the script in the "authenticate" section.  See the "exec" module for details.  You can use the "exec" module instead of "Exec-Program-Wait".

  You're trying to run the "post-auth" section, and then reject the the user in the post-auth section.  That's not supported before version 3.0.6.

  You should probably also upgrade.  Whatever version you're running is at *least* 6 years old, and possible older.  There have been many fixes made since then.

  Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html