redirecting REJECTed users

Matthew Newton mcn4 at leicester.ac.uk
Fri Feb 12 23:12:31 CET 2016


On Fri, Feb 12, 2016 at 02:03:14PM -0800, Alan Batie wrote:
> On 2/12/16 1:03 PM, Arran Cudbard-Bell wrote:
> 
> > authenticate {
> > 	Auth-Type perl {
> > 		perl {
> > 			reject = 1
> > 		}
> > 		if (reject) {
> > 			# do extra things here
> > 		}
> > 	}
> > }
> > 
> > The NAS probably won't allow assignment unless you send back an accept though.
> 
> Exactly, however it looks like Auth-Type has to be something in the
> dictionary from this error:

Auth-Type is an internal attribute. It's not sent back to the NAS.
It should be 'Accept'.

You need to send something else to your NAS to tell it to
quarantine the user. For example, if it is a switch you might set a
different VLAN by sending back a different Tunnel-Private-Group-Id.

Matthew


-- 
Matthew Newton, Ph.D. <mcn4 at le.ac.uk>

Systems Specialist, Infrastructure Services,
I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
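
An added configuration sketch of the approach discussed in this message, written in FreeRADIUS v3 unlang; it is not part of the original e-mail or of the project's shipped configuration. It extends the quoted block so that a failed perl check becomes an accept whose reply carries a quarantine VLAN. The VLAN ID "999" is a constructed placeholder, and the NAS is assumed to be an 802.1X switch that honours the standard tunnel attributes.

```unlang
authenticate {
	Auth-Type perl {
		# Lower the priority of 'reject' so processing continues
		# past the module instead of returning immediately.
		perl {
			reject = 1
		}
		if (reject) {
			# Reply attributes are what the NAS actually receives;
			# Auth-Type is internal and never leaves the server.
			update reply {
				Tunnel-Type := VLAN
				Tunnel-Medium-Type := IEEE-802
				# Constructed placeholder: quarantine VLAN ID
				Tunnel-Private-Group-Id := "999"
			}
			# Return 'ok' so the server answers with Access-Accept;
			# the NAS probably won't apply the VLAN on a reject.
			ok
		}
	}
}
```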

