<!DOCTYPE html PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<meta content="text/html;charset=ISO-8859-1" http-equiv="Content-Type">
</head>
<body bgcolor="#ffffff" text="#000000">
Thanks, that works.<br>
<br>
Norbert Wegener<br>
<br>
Alan DeKok schrieb:
<blockquote cite="mid:48CA2C7E.2070203@deployingradius.com" type="cite">
<pre wrap="">Norbert Wegener wrote:
</pre>
<blockquote type="cite">
<pre wrap="">If fear not...
</pre>
</blockquote>
<pre wrap=""><!---->
Hmm... if this is in the "authenticate" section, then the rules are
different. The authenticate section is processed by selecting *one*
module / section from the list. That *one* module is processed.
So if you have:
authenticate {
eap
foo
}
Then "eap" is run for Auth-Type = eap. "foo" is not used, and any
failure / noop / whatever of "eap" does NOT cause it to fall through to
"foo".
The solution is to wrap it in an Auth-Type block:
authenticate {
Auth-Type eap {
eap {
invalid = 1
}
if ( invalid ) {
...
}
}
foo
}
In this case, the "eap" *section* will be processed. The contents
will be treated just as if they were being run in the "authorize"
section. So the default action for "invalid" has to be changed in order
for it to fall through, and continue processing.
Alan DeKok.
-
List info/subscribe/unsubscribe? See <a class="moz-txt-link-freetext" href="http://www.freeradius.org/list/users.html">http://www.freeradius.org/list/users.html</a>
</pre>
</blockquote>
<br>
</body>
</html>