users file ignored and still checks sql

Alan DeKok aland at deployingradius.com
Tue Apr 24 13:44:17 CEST 2012


Paul Tinson wrote:
> The issue is I want to do a realm based auth for one realm and return some
> L2TP information.
> So in proxy.conf I have added the realm, in users I have added a user like
> this: realm and ip changed to protect the innocent
> 
> DEFAULT Realm == "womble.co.nz", Auth-Type := Accept

  That says "set Accept authentication during the authentication phase"
...
> [files] users: Matched entry DEFAULT at line 87
> ++[files] returns ok
> [sql]   expand: %{Orcon-User-Name} ->

  That's what's supposed to happen.

> I would have thought this configuration should result in the users file
> being scanned and then returning Auth-Type: Accept and not then processing
> the sql authorize module.

  No.

> Have I missed something simple, or does this config look right.

  The configuration is wrong.  Setting "Auth-Type = Accept" doesn't mean
"stop authorization".  It means "use Accept authentication"

  If you want to avoid processing the SQL module, use module-failover,
or "unlang".  See "man unlang"

authorize {
	...
	files {
		ok = return
	}
	sql
	...
}

  Alan DeKok.



More information about the Freeradius-Users mailing list