Forcing authorization access-reject depending on attribute
Alan DeKok
aland at ox.org
Mon Sep 26 18:32:29 CEST 2005
Mike Chamberlain <mikeachamberlain at gmail.com> wrote:
> The problem arises on the authorization. Even though the user may
> have supplied the correct username and password, they may not have
> enough credit to use the service. The problem is that there is no
> radius attribute that I can pass back to the ChilliSpot gateway to
> indicate that the user should not be allowed service.
It's not possible to return "no service" in an Access-Accept.
That's why people use Access-Reject.
> I have been advised that it might be possible to return an arbitrary
> Access-Reject if I use scripting. I was thinking that perhaps it
> would be possible for freeradius to examine a particular attribute in
> the authorization response, and depending on the value change the
> message to be an Access-Reject.
Why not just update the SQL qeuries?
SELECT ... where credit > 0
If there's no credit, the query won't find their password, and they
won't be a valid user.
Alan DeKok.
More information about the Freeradius-Users
mailing list