How to properly deal with HTTP 200 response with body with rlm_rest?

Martin Gignac martin.gignac at
Mon Apr 22 18:12:36 CEST 2019

Hi Arran,

Thanks for you response. I initially assumed that I should put:

    if (updated) {

in 'post-auth', so I put it right at the top of that section.
Unfortunately it didn't change anything, so I'm assuming that if
'updated' is returned during authentication, then it's considered a
reject and nothing can be done about this in post-auth.

I then tried to put your suggested snippet in 'authenticate', but that
prevented FreeRADIUS from starting at all (in line with the warning
not to put Unlang in authenticate).

Then I tried putting it in a policy file; FreeRADIUS wouldn't start. I
finally tried to put it in the authorize section; FreeRADIUS started
but it had not effect.

Output when the snippet is in post-auth or authorize (basically, no
difference from when it isn't):

(0)     [rest] = updated
(0)   } # authenticate = updated
(0) Failed to authenticate the user
(0) Using Post-Auth-Type Reject
(0) # Executing group from file /usr/local/etc/raddb/sites-enabled/default
(0)   Post-Auth-Type REJECT {

Honestly, I feel pretty stupid because I'm sure it's super simple and
I'm just missing something obvious here, but where exactly am I
supposed to put that snippet?


On Sun, Apr 21, 2019 at 12:34 PM Arran Cudbard-Bell
<a.cudbardb at> wrote:
> >
> > Where I'm having an issue is, even after reading the Technical Guide,
> > I'm having trouble wrapping my head around how I should properly deal
> > with the 'updated' return code so that ultimately it is not the
> > 'Post-Auth-Type REJECT' that gets called, but instead some other
> > action where:
> rest
> if (updated) {
>         ok
> }
> -Arran
> -
> List info/subscribe/unsubscribe? See

More information about the Freeradius-Users mailing list