Letting a user in only if Authorize and Authenticate pass

Phyo Wai Soe phyo.w.soe at frontiir.net
Mon May 19 06:32:43 CEST 2014

Hi All,

We are running Freeradius 2.1.10 and MySQL in an ISP environment. I would like to find out if it's possible to let a user use our services only if he passes both the Authorization and Authentication stages.

To describe the situation in detail, we have a noreset counter to track users' byte usage and won't let a user use the Internet if he has no byte credit left. When a user's credit is finished (when the reply is "Your maximum never usage has been reached"), we would still like to allow the user to log in so that he can check his account and top up.

The issue we have is that when a user's byte credit is finished, he can still see his account's info and top up even if he supplies a wrong password or no password at all, because Authorize comes before Authenticate.

I tried to change this by following this advice (http://tim.purewhite.id.au/2011/04/coova-chilli-freeradius-reply-message/) and doing this in the authorize section:

         reject = 1

The outcome is that if the noresetcounter returns reject and the password is wrong, he will be rejected. But if he enters the correct password, he can still use the Internet.

Can you please give us some pointers to configure it the way we need?

Thank you.

Phyo Wai Soe
