Hi Hugh,
I can confirm that the latest patchset fixes the problem.
Thanks for the quick-as-usual fix!
--
Best regards, Alex
Am Dienstag, den 29.06.2010, 05:47 +0200 schrieb Hugh Irvine:
> Hello Alex -
>
> Thanks for letting us know about this.
>
> Should be fixed in the latest Radiator 4.6 patches.
>
> regards
>
> Hugh
>
>
> On 28 Jun 2010, at 18:35, Alexander Hartmaier wrote:
>
> > Hi,
> >
> > Radiator doesn't send the RejectReason when using AuthHANDLER but instead
> > the hardcoded return string from AuthHANDLER.pm.
> >
> > This is an excerpt of my config:
> >
> > <Handler Client-Identifier="hostname" Request-Type="Access-Request">
> > AuthByPolicy ContinueUntilIgnore
> >
> > # Show any rejection reason to the end user
> > RejectHasReason
> >
> > <AuthBy LDAP2>
> > AuthAttrDef memberof,GENERIC,request
> >
> > # this populates Request:X-Identifier
> > PostSearchHook file:"%D/ldap_authselect_by_group.pl"
> > </AuthBy>
> >
> > <AuthBy HANDLER>
> > HandlerId %{Request:X-Identifier}
> > </AuthBy>
> > </Handler>
> >
> >
> > <Handler>
> > Identifier reject
> >
> > # Show any rejection reason to the end user
> > RejectHasReason
> >
> > <AuthBy INTERNAL>
> > AuthResult REJECT
> > RejectReason User isn't member of an OTP ldap group, rejecting
> > </AuthBy>
> > </Handler>
> >
> > This is the level 4 log where the issue can be seen:
> >
> > Mon Jun 28 08:20:06 2010: DEBUG: Handling with AuthINTERNAL:
> > Mon Jun 28 08:20:06 2010: DEBUG: AuthBy INTERNAL result: REJECT, User isn't
> > member of an OTP ldap group, rejecting
> > Mon Jun 28 08:20:06 2010: DEBUG: AuthBy HANDLER result: REJECT, redirected
> > by AuthHANDLER
> > Mon Jun 28 08:20:06 2010: INFO: Access rejected for test: redirected by
> > AuthHANDLER
> > Mon Jun 28 08:20:06 2010: DEBUG: Packet dump:
> > *** Sending to 1.2.3.4 port 1025 ....
> > Code: Access-Reject
> > Identifier: 1
> > Authentic: <24>?N<127><151><193><229>Q<148><174>B!<1>^<233>*
> > Attributes:
> > Reply-Message = "redirected by AuthHANDLER"
> >
> >
> > --
> > Best regards, Alex
> >
> >
> >
> >
> > *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
> > T-Systems Austria GesmbH Rennweg 97-99, 1030 Wien
> > Handelsgericht Wien, FN 79340b
> > *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
> > Notice: This e-mail contains information that is confidential and may be
> > privileged.
> > If you are not the intended recipient, please notify the sender and then
> > delete this e-mail immediately.
> > *"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*"*
> > _______________________________________________
> > radiator mailing list
> > radiator@open.com.au
> > http://www.open.com.au/mailman/listinfo/radiator
>
>
>
> NB:
>
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive
> (www.open.com.au/archives/radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
>
_______________________________________________
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
