[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
RE: [Radiusplugin-users] Freeradius Reply-Message
|
From: |
Dequan Randolph |
|
Subject: |
RE: [Radiusplugin-users] Freeradius Reply-Message |
|
Date: |
Sun, 21 Mar 2010 11:29:40 -0000 |
Nice. What testing I was able to do shows this as a fix and works fine.
In reference to the newly added reply-message feature, is it possible to
forward these replies through to the openvpn log (preferably both client and
server)?
My log file shows:
Sun Mar 21 11:25:10 2010 Error: RADIUS-PLUGIN: BACKGROUND AUTH:
Auth failed!
But no reply-message follows. Am I being dumb and missing something obvious?
Thanks.
-----Original Message-----
From: address@hidden
[mailto:address@hidden
rg] On Behalf Of Ralf Lübben
Sent: 21 March 2010 11:11
To: address@hidden
Subject: Re: [Radiusplugin-users] Freeradius Reply-Message
Hi,
the plugin freezes if you set "useauthcontrolfile=false" in the plugin
configuration file. If set to true the plugin won't freeze. I will update
it as
soon as possible.
Ralf
Am Samstag, 20. März 2010 20:20:06 schrieb Dequan Randolph:
> Thanks for this Ralf.
>
> However, after some testing, this new version seems to break my openvpn
> service. I would love to provide further details, but I can't provide
any
> solid evidence as to the source of the problem -- I just can't find any!
>
> I have a user who is part of a group with a radgroupcheck "Auth-Type :=
> Reject", and a radgroupreply with "Reply-Message = Disabled by
> administrator". I can receive a successful rejection one time, but
another
> time the openvpn service seems to freeze before the access-reject is
sent
> (I assume before it even hits freeradius). I would then try to restart
the
> service, but it would fail to load as it says the openvpn management
port
> is currently in use (the program has hung I assume), so I am forced to
> kill the process manually then restart the service.
>
> I have tried rolling back to beta6, and have not been able to replicate
> this issue on it -- so I have to conclude there is something wrong in
> beta7 causing the freeze (never had a single problem before).
>
> I wish I could be more helpful than just saying, "it's broken for me"!
>
> -----Original Message-----
> From:
address@hidden
>
[mailto:address@hidden
r
> g ] On Behalf Of Ralf Lübben
> Sent: 20 March 2010 11:49
> To: address@hidden
> Subject: Re: [Radiusplugin-users] Freeradius Reply-Message
>
> Hi,
>
> I added it in the new version at
>
> http://www.nongnu.org/radiusplugin/
>
> Ralf
>
> Am Mittwoch, 10. Februar 2010 19:10:38 schrieb Ralf Lübben:
> > Hi,
> >
> > yes I will put it on my ToDo list and add it the next beta release.
> >
> > Maybe it will take one or two weeks.
> >
> > Regards,
> > Ralf
> >
> > Am Dienstag, 9. Februar 2010 23:56:59 schrieb Dequan Randolph:
> > > Assuming -- as you said -- it would be easy to implement, would it
be
> > > possible to implement this in the one of the next releases?
> > >
> > > Being able to pass a custom Reply-Message would be extremely useful
for
> > > me (and hopefully other people too).
> > >
> > > Regards,
> > >
> > > Dequan.
> > >
> > >
-----------------------------------------------------------------------
> > >-
> > >
> > > Ralf Lübben wrote:
> > > > Hi,
> > > >
> > > > so far this feature is not implemented, only few radius attributes
> > > > are evaluated, which can be mapped to OpenVPN attributes.
> > > >
> > > > But it would be easy to implement it.
> > > >
> > > > Regards
> > > > Ralf
> > > >
> > > > Am Mittwoch, 3. Februar 2010 20:35:46 schrieb Dequan Randolph:
> > > >> Im not sure if this relates directly to this plugin, but is it
> > > >> possible for the plugin to forward a radgroupreply
"Reply-Message"
> > > >> created by Freeradius following a radgroupcheck?
> > > >>
> > > >> Ideally i'd like to create a more accurate return of information
> > > >> during a failed login process. For example, if the user has been
> > > >> disabled by an administrator, a reply-message could be forwarded
to
> > > >> OpenVPN
> > > >> (specifically the log file) indicating a more detailed
explanation
> > > >> of why he/she is rejected, i.e. "Your account has been disabled".
> > > >>
> > > >> As it stands OpenVPN can output to a log, but the only
information
> > > >> concerning a failed login attempt is indicated by:
> > > >>
> > > >> AUTH: Received AUTH_FAILED control message
> > > >>
> > > >> Would it be possible to return more detailed information via a
> > > >> Reply-Message packet?
> > > >>
> > > >> Regards,
> > > >>
> > > >> Dequan.
> > > >
> > > > _______________________________________________
> > > > Radiusplugin-users mailing list
> > > > address@hidden
> > > > http://lists.nongnu.org/mailman/listinfo/radiusplugin-users
> >
> > _______________________________________________
> > Radiusplugin-users mailing list
> > address@hidden
> > http://lists.nongnu.org/mailman/listinfo/radiusplugin-users
>
> _______________________________________________
> Radiusplugin-users mailing list
> address@hidden
> http://lists.nongnu.org/mailman/listinfo/radiusplugin-users
>
>
>
> _______________________________________________
> Radiusplugin-users mailing list
> address@hidden
> http://lists.nongnu.org/mailman/listinfo/radiusplugin-users
>
_______________________________________________
Radiusplugin-users mailing list
address@hidden
http://lists.nongnu.org/mailman/listinfo/radiusplugin-users