Hi Arran, Thanks for you response. I initially assumed that I should put: rest if (updated) { ok } in 'post-auth', so I put it right at the top of that section. Unfortunately it didn't change anything, so I'm assuming that if 'updated' is returned during authentication, then it's considered a reject and nothing can be done about this in post-auth. I then tried to put your suggested snippet in 'authenticate', but that prevented FreeRADIUS from starting at all (in line with the warning not to put Unlang in authenticate). Then I tried putting it in a policy file; FreeRADIUS wouldn't start. I finally tried to put it in the authorize section; FreeRADIUS started but it had not effect. Output when the snippet is in post-auth or authorize (basically, no difference from when it isn't): (0) [rest] = updated (0) } # authenticate = updated (0) Failed to authenticate the user (0) Using Post-Auth-Type Reject (0) # Executing group from file /usr/local/etc/raddb/sites-enabled/default (0) Post-Auth-Type REJECT { Honestly, I feel pretty stupid because I'm sure it's super simple and I'm just missing something obvious here, but where exactly am I supposed to put that snippet? Thanks, -Martin On Sun, Apr 21, 2019 at 12:34 PM Arran Cudbard-Bell <a.cudbardb@freeradius.org> wrote:
Where I'm having an issue is, even after reading the Technical Guide, I'm having trouble wrapping my head around how I should properly deal with the 'updated' return code so that ultimately it is not the 'Post-Auth-Type REJECT' that gets called, but instead some other action where:
rest if (updated) { ok }
-Arran
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html