users file ignored and still checks sql

Alan DeKok aland at
Tue Apr 24 13:44:17 CEST 2012

Paul Tinson wrote:
> The issue is I want to do a realm based auth for one realm and return some
> L2TP information.
> So in proxy.conf I have added the realm, in users I have added a user like
> this: realm and ip changed to protect the innocent
> DEFAULT Realm == "", Auth-Type := Accept

  That says "set Accept authentication during the authentication phase"
> [files] users: Matched entry DEFAULT at line 87
> ++[files] returns ok
> [sql]   expand: %{Orcon-User-Name} ->

  That's what's supposed to happen.

> I would have thought this configuration should result in the users file
> being scanned and then returning Auth-Type: Accept and not then processing
> the sql authorize module.


> Have I missed something simple, or does this config look right.

  The configuration is wrong.  Setting "Auth-Type = Accept" doesn't mean
"stop authorization".  It means "use Accept authentication"

  If you want to avoid processing the SQL module, use module-failover,
or "unlang".  See "man unlang"

authorize {
	files {
		ok = return

  Alan DeKok.

More information about the Freeradius-Users mailing list