How to change "++[files] returns noop " into "++[files] returns?reject"
Alexander Clouter
alex at digriz.org.uk
Tue May 24 09:37:43 CEST 2011
thomas.dohl at 24-7-it-services.de wrote:
>
> in the section "authorize" I include the module "file".
> (/etc/raddb/users)
> At the moment I get an noop if a user is not found in the file.
> How can I change it to return a reject, if a user is not found?
>
> Now:
> ++[files] returns noop
> Destination:
> ++[files] returns reject
>
Depending on how your 'brain' logic flows, you can prime a default
reject and then use matching rules later to turn that to an accept like
so:
----
DEFAULT Auth-Type := Reject
Fall-Through = Yes
[your existing config here]
----
Alternatively, you can bolt the following to the end:
----
DEFAULT Auth-Type := Reject
----
I prefer to 'deny, allow' (in Apache speak), but you might prefer
'allow, deny'.
Cheers
--
Alexander Clouter
.sigmonster says: Have a taco.
-- P. S. Beagle
More information about the Freeradius-Users
mailing list