rlm_perl and checksimul
Alan DeKok
aland at deployingradius.com
Mon Apr 27 14:05:23 CEST 2015
On Apr 27, 2015, at 2:16 AM, d tbsky <tbskyd at gmail.com> wrote:
> I know why. I didn't understand the whole procedure. I should set
> up attribute "Simultaneous-Use" so freeradius would call checksimul.
> so I setup below at "default" site "authorize" section:
Yes, it only checks Simultaneous-Use if you tell it to do that.
> 1. the checksimul code runs after authentication. I would prefer not
> doing authentication at all if I already know this login is invalid.
> if possible checksimul should run before authentication.
Then change the code.
> 2. although checksimul return "RLM_MODULE_REJECT", nas still get
> "Access-Accept" (which comes from success authentication). I have
> found similar report at email list. I guest I need to change some
> internal variable so freeradius know it is now "Access-Reject".
Then read the debug output to see why.
> if checksimul runs after authentication by design, I think my best
> place to put the checking code is at "authorize" section. but in one
> EAP connection, the "authorize" section runs many times, which means
> my checking code runs many times.
>
> may I ask what is the best method to let the module runs only once
> at "authorize" section?
In v3, see "man unlang" and look for "session-state"
Alan DeKok.
More information about the Freeradius-Users
mailing list