Rachel Primrose wrote:
Version: FreeRADIUS Version 1.1.3
Please upgrade to 1.1.7.
Problem: The LNS that will be sending requests to this server first sends an access request with just the realm with Service-Type=Outbound-User/Dialout-Framed-User (5). We either accept the request and give the LNS some interesting reply items that tell it to authenticate the user at another radius server, OR we reject the access request and the LNS will then send us through an access request for user@realm with Service-Type=Framed-User.
It also sounds like you want to do more, but you haven't described what that "more" really is.
When the first realm access request comes through, we do not want to use the sql module to log it, regardless of what our reply will be. The problem is, that Post-Auth-Type is overwritten no matter what I set it to in the users file!
That's confusing. Say what you want to happen. Don't say what's going wrong.
Configuration (just the important bits):
users
realm1.com Password=="blah", Service-Type=="Dialout-Framed-User", Auth-Type=Accept
That is wrong. This does NOT check the password!
DEFAULT Auth-Type = LDAP, Autz-Type = ldap_user, Post-Auth-Type = ldap_user
And you don't have a post-auth-type of "ldap_user".
post-auth { Post-Auth-Type ldap{ sql
Why? The names aren't magic. There's no need to call it "ldap" if it's not doing ldap.
In the post-auth section Post-Auth-Type REJECT I want to conditionally run the sql module, based on the Service-Type attribute.
To do... what? Alan DeKok.