unlang to customize error message

Christian Strauf strauf at rz.tu-clausthal.de
Thu Apr 28 14:00:04 CEST 2016


>Is it possible via unlang to have Freeradius conditionally send "E=691" (in
>case authentication failure) based on a sql query?
>I believe this is quite tricky, but it'd really help us a lot.
Yes, that should work. You can write a policy and store it in some file in policy.d/ which does something like

update control {
	&Tmp-Integer-1 := "%{sql:SELECT XXXXX FROM `XXXX` WHERE XXXX}"
	}

(You could for example store a 0 for incompatible clients which need a rewrite of the reply message and a 1 for all other clients.)


You could call this policy which contains the SQL query in the appropriate section of your virtual server and if you need to send a reject you could do something like

if ( &control:Tmp-Integer-1 == 0 ) {
	update reply {
		Reply-Message := "..."
	}
}

to set the Reply-Message to something else where necessary.

Christian
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2172 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20160428/ec991119/attachment.bin>


More information about the Freeradius-Users mailing list