authorization: unlang/NAS-IP-Address

leopold vova_b at yahoo.com
Wed Jul 23 16:32:46 CEST 2008


The problem is that all the users are valid and SQL module returns OK
replyattribute list is empty, so I need somehow reject the user

I did some dirty workaround 
if (!reply:Service-Type) {
                # reply list does not contain Service-Type
                reject
        }

See in debug output a valid user with valid password comes from wrong
NAS-IP-Address which does not belong to check attributes of the user's group

++[sql] returns ok
++? if (!reply:Service-Type)
? Evaluating !(reply:Service-Type) -> FALSE
++? if (!reply:Service-Type) -> TRUE
++- entering if (!reply:Service-Type)
+++[reject] returns reject
++- if (!reply:Service-Type) returns reject
  Found Post-Auth-Type Reject
+- entering group REJECT

The problem is that I do not want to rely that reply list always contains
Service-Type
reply:Service-Type


The SQL module returns OK even if there are no reply attributes

Thanks again
-- 
View this message in context: http://www.nabble.com/authorization%3A-unlang-NAS-IP-Address-tp18609937p18612055.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.




More information about the Freeradius-Users mailing list