Using postauth_users and Access-Reject

Peter Lambrechtsen plambrechtsen at gmail.com
Mon Aug 9 05:36:18 CEST 2010


Using FreeRadius 2.1.7 and trying to get the postauth_users to return an
access reject however it always seems to return either a noop or ok.

This is what I get in my radiusd -X trace:

[files] postauth_users: Matched entry DEFAULT at line 30
++[files] returns ok
Sending Access-Accept of id 53 to 192.168.143.72 port 2503
        Reply-Message = "Your account has been disabled."

And this is what is in my postauth_users file:

DEFAULT Auth-Type := REJECT
        Post-Auth-Type = Reject,
        Reply-Message = "Your account has been disabled."

Checking the rlm_files.c it seems that either ok or noop are the two options
returned:

        /*
         *      See if we succeeded.
         */
        if (!found)
                return RLM_MODULE_NOOP; /* on to the next module */

        return RLM_MODULE_OK;

Ideally I would assume if the Auth-Type := Reject then the return should be
"RLM_MODULE_REJECT".

Since otherwise I think I will need to lookup if the Reply-Message is set to
disabled, and then do a reject.

I'm no C developer hence why I am not offering up a patch, but I might try
and see how difficult it would be.

Cheers

Peter
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20100809/8ba08936/attachment.html>


More information about the Freeradius-Users mailing list