Auth-Type = Reject not being obeyed
Phil Mayers
p.mayers at imperial.ac.uk
Fri May 24 18:31:29 CEST 2013
On 24/05/13 17:19, Alan Buxey wrote:
> The only difference I can see is that the first example uses a
> plain-text password, and the RADIUS on the LNS is using CHAP?
>
> The backend database has "=" in the 'op' field (and not ":="), so the
> returned attribute is "Auth-Type = Reject" and not "Auth-Type :=
> Reject", but it is correctly rejected using radtest/radclient, and I
> believe the "=" operand to be correct.
You might have this:
authorize {
...
chap
sql
...
}
..and Auth-Type is already set by chap, hence "=" doesn't overwrite it.
Anyway, you're not correct that "=" is the right operator; ":=" means
"force" i.e. set this attribute to this value, always, and that's what
you want to do here, right? "=" means "set if unset"
As has also been pointed out - show "radiusd -X" for a problem auth (and
set a subject line...)
More information about the Freeradius-Users
mailing list