radiusplugin-users
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

RE: [Radiusplugin-users] Freeradius Reply-Message

From: Dequan Randolph
Subject: RE: [Radiusplugin-users] Freeradius Reply-Message
Date: Sun, 21 Mar 2010 20:04:59 -0000 
I've seen the Reply-Message entry in the log file once today -- apparently
random?

Every other time, with any level of verb or other settings I try, I can only
get:

Sun Mar 21 20:01:06 2010 RADIUS-PLUGIN: FOREGROUND THREAD: New user.
Sun Mar 21 20:01:07 2010 RADIUS-PLUGIN: Got no response from radius server.
Sun Mar 21 20:01:07 2010 Error: RADIUS-PLUGIN: BACKGROUND  AUTH: Auth
failed!.
Sun Mar 21 20:01:07 2010 RADIUS-PLUGIN: FOREGROUND THREAD: Error receiving
auth confirmation from background process.

Any ideas?

-----Original Message-----
From: address@hidden
[mailto:address@hidden
] On Behalf Of Ralf Lübben
Sent: 21 March 2010 11:36
To: address@hidden
Subject: Re: [Radiusplugin-users] Freeradius Reply-Message

The reply message should be there, e.g. it get:

Sun Mar 21 11:27:02 2010 RADIUS-PLUGIN: BACKGROUND AUTH: Reply-Message:Your 
account has been disabled.

in the OpenVPN server logfile. The plugin sends the message to stderr and 
OpenVPN forwards it to the logfile.

For forwarding it to the client there must be adequate attribute that is 
forwarded by server to the client. 
To my knowledge such an attribute doesn't exist.



Am Sonntag, 21. März 2010 12:29:40 schrieb Dequan Randolph:
> Nice. What testing I was able to do shows this as a fix and works fine.
> 
> In reference to the newly added reply-message feature, is it possible to
> forward these replies through to the openvpn log (preferably both client
>  and server)?
> 
> My log file shows:
> 
>       Sun Mar 21 11:25:10 2010 Error: RADIUS-PLUGIN: BACKGROUND  AUTH:
> Auth failed!
> 
> But no reply-message follows. Am I being dumb and missing something
>  obvious?
> 
> Thanks.
> 
> -----Original Message-----
> From: address@hidden
> [mailto:address@hidden
> rg] On Behalf Of Ralf Lübben
> Sent: 21 March 2010 11:11
> To: address@hidden
> Subject: Re: [Radiusplugin-users] Freeradius Reply-Message
> 
> Hi,
> 
> the plugin freezes if you set "useauthcontrolfile=false" in the plugin
> configuration file.  If set to true the plugin won't freeze. I will update
> it as
> soon as possible.
> 
> Ralf
> 
> Am Samstag, 20. März 2010 20:20:06 schrieb Dequan Randolph:
> > Thanks for this Ralf.
> >
> > However, after some testing, this new version seems to break my openvpn
> > service. I would love to provide further details, but I can't provide
> 
> any
> 
> > solid evidence as to the source of the problem -- I just can't find any!
> >
> > I have a user who is part of a group with a radgroupcheck "Auth-Type :=
> > Reject", and a radgroupreply with "Reply-Message = Disabled by
> > administrator". I can receive a successful rejection one time, but
> 
> another
> 
> > time the openvpn service seems to freeze before the access-reject is
> 
> sent
> 
> >  (I assume before it even hits freeradius). I would then try to restart
> 
> the
> 
> >  service, but it would fail to load as it says the openvpn management
> 
> port
> 
> >  is currently in use (the program has hung I assume), so I am forced to
> >  kill the process manually then restart the service.
> >
> > I have tried rolling back to beta6, and have not been able to replicate
> >  this issue on it -- so I have to conclude there is something wrong in
> >  beta7 causing the freeze (never had a single problem before).
> >
> > I wish I could be more helpful than just saying, "it's broken for me"!
> >
> > -----Original Message-----
> > From:
> 
> address@hidden
> 
> [mailto:address@hidden
> r
> 
> > g ] On Behalf Of Ralf Lübben
> > Sent: 20 March 2010 11:49
> > To: address@hidden
> > Subject: Re: [Radiusplugin-users] Freeradius Reply-Message
> >
> > Hi,
> >
> > I added it in the new version at
> >
> > http://www.nongnu.org/radiusplugin/
> >
> > Ralf
> >
> > Am Mittwoch, 10. Februar 2010 19:10:38 schrieb Ralf Lübben:
> > > Hi,
> > >
> > > yes I will put it on my ToDo list and add it the next beta release.
> > >
> > > Maybe it will take one or two weeks.
> > >
> > > Regards,
> > > Ralf
> > >
> > > Am Dienstag, 9. Februar 2010 23:56:59 schrieb Dequan Randolph:
> > > > Assuming -- as you said -- it would be easy to implement, would it
> 
> be
> 
> > > > possible to implement this in the one of the next releases?
> > > >
> > > > Being able to pass a custom Reply-Message would be extremely useful
> 
> for
> 
> > > > me (and hopefully other people too).
> > > >
> > > > Regards,
> > > >
> > > > Dequan.
> 
> -----------------------------------------------------------------------
> 
> > > >-
> > > >
> > > > Ralf Lübben wrote:
> > > > > Hi,
> > > > >
> > > > > so far this feature is not implemented, only few radius attributes
> > > > > are evaluated, which can be mapped to OpenVPN attributes.
> > > > >
> > > > > But it would be easy to implement it.
> > > > >
> > > > > Regards
> > > > > Ralf
> > > > >
> > > > > Am Mittwoch, 3. Februar 2010 20:35:46 schrieb Dequan Randolph:
> > > > >> Im not sure if this relates directly to this plugin, but is it
> > > > >> possible for the plugin to forward a radgroupreply
> 
> "Reply-Message"
> 
> > > > >> created by Freeradius following a radgroupcheck?
> > > > >>
> > > > >> Ideally i'd like to create a more accurate return of information
> > > > >> during a failed login process. For example, if the user has been
> > > > >> disabled by an administrator, a reply-message could be forwarded
> 
> to
> 
> > > > >> OpenVPN
> > > > >> (specifically the log file) indicating a more detailed
> 
> explanation
> 
> > > > >> of why he/she is rejected, i.e. "Your account has been disabled".
> > > > >>
> > > > >> As it stands OpenVPN can output to a log, but the only
> 
> information
> 
> > > > >> concerning a failed login attempt is indicated by:
> > > > >>
> > > > >>     AUTH: Received AUTH_FAILED control message
> > > > >>
> > > > >> Would it be possible to return more detailed information via a
> > > > >> Reply-Message packet?
> > > > >>
> > > > >> Regards,
> > > > >>
> > > > >> Dequan.
> > > > >
> > > > > _______________________________________________
> > > > > Radiusplugin-users mailing list
> > > > > address@hidden
> > > > > http://lists.nongnu.org/mailman/listinfo/radiusplugin-users
> > >
> > > _______________________________________________
> > > Radiusplugin-users mailing list
> > > address@hidden
> > > http://lists.nongnu.org/mailman/listinfo/radiusplugin-users
> >
> > _______________________________________________
> > Radiusplugin-users mailing list
> > address@hidden
> > http://lists.nongnu.org/mailman/listinfo/radiusplugin-users
> >
> >
> >
> > _______________________________________________
> > Radiusplugin-users mailing list
> > address@hidden
> > http://lists.nongnu.org/mailman/listinfo/radiusplugin-users
> 
> _______________________________________________
> Radiusplugin-users mailing list
> address@hidden
> http://lists.nongnu.org/mailman/listinfo/radiusplugin-users
> 
> 
> 
> _______________________________________________
> Radiusplugin-users mailing list
> address@hidden
> http://lists.nongnu.org/mailman/listinfo/radiusplugin-users
> 


_______________________________________________
Radiusplugin-users mailing list
address@hidden
http://lists.nongnu.org/mailman/listinfo/radiusplugin-users
reply via email to
[Prev in Thread] Current Thread [Next in Thread]