<html><head><meta http-equiv="Content-Type" content="text/html charset=us-ascii"></head><body style="word-wrap: break-word; -webkit-nbsp-mode: space; -webkit-line-break: after-white-space; "><div>We are getting unexpected behavior from FreeRADIUS 2.2.x (built from current git).</div><div><br></div><div>We want to check if a user is BLOCKED first, and only then do we want to perform some other checks.</div><div><br></div><div>Our current config looks like this:</div><div><br></div><div><div>authorize {</div><div>                #auth_log # uncomment for debugging</div><div><br></div><div>                # try to rewrite calling station ID to be sane</div><div>                rewrite_calling_station_id</div><div><br></div><div>                rewrite_username_lowercase</div><div><br></div><div>                # set VLANs for infected or tempsuspension roles</div><div><br></div><div>                IPSblocks_SQL {</div><div>                        # handle failures</div><div>                        notfound = 999</div><div>                        reject = 999</div><div>                }</div><div><br></div><div>                switch reply:RU-block-description {</div><div>                        case "infected" {</div><div>                                if(Airespace-Wlan-Id){</div><div>                                        update reply {</div><div>                                        Cisco-AVPair += "url-redirect=<a href="http://ruwireless.rutgers.edu/index.php?page=infected">http://ruwireless.rutgers.edu/index.php?page=infected</a>"</div><div>                                        Airespace-ACL-Name = "Cisco_infected"</div><div>                                        }</div><div>                                }</div><div>                                else {</div><div>                                        update reply {</div><div>                                        # try VLAN assignment</div><div>                                        Tunnel-Type := "VLAN"</div><div>                                        Tunnel-Medium-Type := "IEEE-802"</div><div>                                        Tunnel-Private-Group-Id := 1666</div><div>                                        }</div><div>                                }</div><div>                                # force accept regardless of password</div><div>                                update control {</div><div>                                       Auth-Type := "Accept"</div><div>                                }</div><div>                        ok</div><div>                        }</div><div><br></div><div>                        case "tempsus" {</div><div>                                update reply {</div><div>                                        # try VLAN assignment</div><div>                                        Tunnel-Type := "VLAN"</div><div>                                        Tunnel-Medium-Type := "IEEE-802"</div><div>                                        Tunnel-Private-Group-Id := 1666</div><div>                                }</div><div>                                # force accept regardless of password</div><div>                                update control {</div><div>                                       Auth-Type := "Accept"</div><div>                                }</div><div>                        ok</div><div>                        }</div><div>                        # default is to do nothing</div><div>                }</div><div><br></div><div>              <BUNCH OF OTHER UNLANG CODE></div></div><div><br></div><div><br></div><div>The IPSblocks_SQL does set RU-block description correctly, and the case statement behaves as expected.</div><div><br></div><div>We want to stop executing the <BUNCH OF UNLANG CODE> in the first two cases ("infected" and "tempsus"), effectively doing something like a return.</div><div><br></div><div>I've read the documentation a hundred times and can't figure out how to do what I want - everything I've tried doesn't work.</div><div><br></div><div>If someone could give me a simple hint to point me in the right direction it would be greatly appreciated.</div><div><br></div><div>-- Bruce</div><div><br></div><br><div>
<span class="Apple-style-span" style="border-collapse: separate; border-spacing: 0px; "><div><span class="Apple-style-span" style="color: rgb(152, 152, 152); ">Bruce Bauman - Systems Administrator</span></div><div><span class="Apple-style-span" style="color: rgb(152, 152, 152); ">Rutgers University Office of Information Technology</span><span class="Apple-style-span" style="color: rgb(152, 152, 152); "><br></span><span class="Apple-style-span" style="color: rgb(152, 152, 152); ">Campus Computing Services - Central Systems and Services</span><span class="Apple-style-span" style="color: rgb(152, 152, 152); "><br></span><span class="Apple-style-span" style="color: rgb(152, 152, 152); ">Office ~ (848) 445-6363</span></div><div><br></div></span><br class="Apple-interchange-newline">
</div>
<br></body></html>