Thanks for the followup.
We are running Radiator 2.15.
What is the syntax for setting RejectHasReason in the handler?
Here is the trace output I think you wanted.
It appears the user is getting explicitly rejected in the first file, but
accepted by the last file.
-- Brian
Mon May 1 07:45:12 2000: DEBUG: Reading users file
/home/radius/etc/sportbrain_
reject_file
Mon May 1 07:45:12 2000: DEBUG: AuthSBAUTH loaded
Mon May 1 07:45:12 2000: DEBUG: New Radius::AuthSBAUTH constructed
Mon May 1 07:45:12 2000: DEBUG: Reading users file
/home/radius/etc/sportbrain_
password_file
Mon May 1 07:45:12 2000: INFO: Server started: Radiator 2.15
Mon May 1 07:45:13 2000: DEBUG: Packet dump:
*** Received from 192.168.1.8 port 1127 ....
Code: Access-Request
Identifier: 80
Authentic: 1234567890123456
Attributes:
User-Name = "cmgi"
Service-Type = Framed-User
NAS-IP-Address = 206.173.119.101
NAS-Port = 1645
NAS-Port-Type = Async
User-Password =
"<29><171><0>G[<179><247><133><205><23><170><213>^1<25>_
"
Mon May 1 07:45:13 2000: DEBUG: Check if Handler NAS-Address-Port-List =
%{Glob
alVar:sportbrain_portlist_file} should be used to handle this request
Mon May 1 07:45:13 2000: DEBUG: NAS-Address-Port-List: reading
/home/radius/etc
/sportbrain_portlist_file
Mon May 1 07:45:13 2000: DEBUG: Handling request with Handler
'NAS-Address-Port
-List = %{GlobalVar:sportbrain_portlist_file}'
Mon May 1 07:45:13 2000: DEBUG: Deleting session for cmgi,
206.173.119.101, 16
45
Mon May 1 07:45:13 2000: DEBUG: Handling with Radius::AuthFILE
Mon May 1 07:45:13 2000: DEBUG: Radius::AuthFILE looks for match with cmgi
Mon May 1 07:45:13 2000: DEBUG: Radius::AuthFILE REJECT_IMMEDIATE: Rejected
exp
licitly by Auth-Type=Reject
Mon May 1 07:45:13 2000: INFO: AuthSBAUTH handle_request: Received from
192.168
.1.8 port 1127
Mon May 1 07:45:13 2000: DEBUG: Handling with Radius::AuthFILE
Mon May 1 07:45:13 2000: DEBUG: Radius::AuthFILE looks for match with cmgi
Mon May 1 07:45:13 2000: DEBUG: Radius::AuthFILE ACCEPT:
Mon May 1 07:45:13 2000: DEBUG: Access accepted for cmgi
Mon May 1 07:45:13 2000: DEBUG: Packet dump:
*** Sending to 192.168.1.8 port 1127 ....
Code: Access-Accept
Identifier: 80
Authentic: 1234567890123456
-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On
Behalf Of Hugh Irvine
Sent: Monday, May 01, 2000 12:22 AM
To: Brian Keefe; [EMAIL PROTECTED]
Subject: RE: (RADIATOR) rejection precedence
Hello Brian -
On Sun, 30 Apr 2000, Brian Keefe wrote:
> The following outlines the test I wrote:
>
> AuthByPolicy ContinueWhileReject
>
> <AuthBy FILE>
> Filename %{GlobalVar:sportbrain_reject_file}
> </AuthBy>
>
> <AuthBy FILE>
> Filename %{GlobalVar:sportbrain_password_file}
> </AuthBy>
>
>
> In the reject file:
> reject User-Password="reject", Auth-Type="Reject:discontinued service"
>
> In the password file:
> reject User-Password="reject"
>
> The user reject always PASSES.
>
> If I copy the line from the reject file and put it in the password file,
> rejection happens.
>
> Or, if I change "Reject" to "Ignore" in the password file, I get a No
Reply
> message.
>
> Or, if I change Reject to Ignore in the reject file, I get a No Reply
> message.
>
> These events suggests to me that the explicit rejection is not treated
> differently than other rejections.
>
I would be interested in knowing what version of Radiator you are running,
and
I would like to see the trace 4 debug from the above tests to see exactly
what
is happening. It sounds like you may have a DEFAULt that is catching the
request.
> In addition, I am not getting the <msg> at the client if I have an
Auth-Type
> of "Reject:<msg>"
> I am using mostly default behavior in the radpwtst client. For this reason
> it was hard to determine what caused my rejection.
> This prompted use of the Ignore Auth-Type to differentiate causes of
> rejection.
>
You will need to set the Handler parameter "RejectHasReason". Our apologies
as
this is not currently in the manual (it will be fixed in the next release).
thanks
Hugh
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
