Reject user from SQL-DB

JB list.freeradius at mac.com
Thu Feb 7 20:31:17 CET 2008


Phil Mayers (07.02.2008 19:27):
> JB wrote:
>> Hi,
>> I'm afraid I'm currently not seeing the wood for the trees, please  
>> help me out. ;-)
>> I'm using stored procedures in MySQL to query for check and reply  
>> items for users. I don't need (or want) user groups so there's  
>> always a positive Fall-Through attribute returned.
>
> Be aware that unless you are using FreeRadius 2.0, the Fall-Through  
> attribute does not affect SQL group processing; see here:
> http://marc.info/?l=freeradius-users&m=119010719300080&w=2

Yes, I'm using 2.0

>> There are quite a few possibilities why a user can get rejected:  
>> Wrong login, banned from this location, generally blocked, session  
>> time/timespan exceeded and so on...
>> As a result of the information gathered in these stored procedures  
>> I know whether the user may connect or not.
>> My question: What attributes do I have to return from MySQL to  
>> reject this user??? Am I getting my wires crossed?
>
> Return:
>
> attr = 'Auth-Type'
> op = ':='
> value = 'Reject'

Of course! How embarrassing. ;-)
I actually tried that before but during the reply-items-query which  
has no effect. Returning Auth-Type := Reject from the check-items- 
query does the trick. Makes sense, doesn't it?

Thanks a lot!
JB




More information about the Freeradius-Users mailing list