RE: [Radiusplugin-users] Freeradius Reply-Message

[Dequan Randolph]

Thanks for this Ralf.

However, after some testing, this new version seems to break my openvpn
service. I would love to provide further details, but I can't provide any
solid evidence as to the source of the problem -- I just can't find any!

I have a user who is part of a group with a radgroupcheck "Auth-Type :=
Reject", and a radgroupreply with "Reply-Message = Disabled by
administrator". I can receive a successful rejection one time, but another
time the openvpn service seems to freeze before the access-reject is sent (I
assume before it even hits freeradius). I would then try to restart the
service, but it would fail to load as it says the openvpn management port is
currently in use (the program has hung I assume), so I am forced to kill the
process manually then restart the service.

I have tried rolling back to beta6, and have not been able to replicate this
issue on it -- so I have to conclude there is something wrong in beta7
causing the freeze (never had a single problem before).

I wish I could be more helpful than just saying, "it's broken for me"!

-----Original Message-----
From: address@hidden
[mailto:address@hidden
] On Behalf Of Ralf Lübben
Sent: 20 March 2010 11:49
To: address@hidden
Subject: Re: [Radiusplugin-users] Freeradius Reply-Message

Hi,

I added it in the new version at

http://www.nongnu.org/radiusplugin/

Ralf

Am Mittwoch, 10. Februar 2010 19:10:38 schrieb Ralf Lübben:
> Hi,
> 
> yes I will put it on my ToDo list and add it the next beta release.
> 
> Maybe it will take one or two weeks.
> 
> Regards,
> Ralf
> 
> Am Dienstag, 9. Februar 2010 23:56:59 schrieb Dequan Randolph:
> > Assuming -- as you said -- it would be easy to implement, would it be
> > possible to implement this in the one of the next releases?
> >
> > Being able to pass a custom Reply-Message would be extremely useful for
> > me (and hopefully other people too).
> >
> > Regards,
> >
> > Dequan.
> >
> > ------------------------------------------------------------------------
> >
> > Ralf Lübben wrote:
> > > Hi,
> > >
> > > so far this feature is not implemented, only few radius attributes are
> > > evaluated, which can be mapped to OpenVPN attributes.
> > >
> > > But it would be easy to implement it.
> > >
> > > Regards
> > > Ralf
> > >
> > > Am Mittwoch, 3. Februar 2010 20:35:46 schrieb Dequan Randolph:
> > >> Im not sure if this relates directly to this plugin, but is it
> > >> possible for the plugin to forward a radgroupreply "Reply-Message"
> > >> created by Freeradius following a radgroupcheck?
> > >>
> > >> Ideally i'd like to create a more accurate return of information
> > >> during a failed login process. For example, if the user has been
> > >> disabled by an administrator, a reply-message could be forwarded to
> > >> OpenVPN
> > >> (specifically the log file) indicating a more detailed explanation of
> > >> why he/she is rejected, i.e. "Your account has been disabled".
> > >>
> > >> As it stands OpenVPN can output to a log, but the only information
> > >> concerning a failed login attempt is indicated by:
> > >>
> > >>     AUTH: Received AUTH_FAILED control message
> > >>
> > >> Would it be possible to return more detailed information via a
> > >> Reply-Message packet?
> > >>
> > >> Regards,
> > >>
> > >> Dequan.
> > >
> > > _______________________________________________
> > > Radiusplugin-users mailing list
> > > address@hidden
> > > http://lists.nongnu.org/mailman/listinfo/radiusplugin-users
> 
> _______________________________________________
> Radiusplugin-users mailing list
> address@hidden
> http://lists.nongnu.org/mailman/listinfo/radiusplugin-users
> 


_______________________________________________
Radiusplugin-users mailing list
address@hidden
http://lists.nongnu.org/mailman/listinfo/radiusplugin-users