Hello, I have Freeradius 2.1.8. I want to return an error code if my freeradius can't contact with the backend. Here is my authorize section: authorize { . . . switch "%{Realm}" { case 'temp.unex.es' { sql { fail = 1 } if (!fail && ("%D" < "%{control:Expiration-Init}")) { update reply { Codigo-Reject := Cuenta-Inactiva } reject } } case 'unex.es' { ldap { fail = 1 } } case { update reply { Codigo-Reject := Error-Dominio } reject } } if (fail) { update reply { Codigo-Reject := Imposible-Contactar-Backend } reject } expiration { userlock = 1 } if (userlock) { update reply { Codigo-Reject := Cuenta-Expirada } } pap } My problem is when Freeradius can't contact ldap. Here is my debug info: rad_recv: Access-Request packet from host X.X.X.X port 48454, id=116, length=56 User-Name = "usuario@unex.es" User-Password = "1631" server rinuex { . . . ++- entering switch %{Realm} {...} +++- entering case unex.es {...} [ldap] performing user authorization for usuario [ldap] expand: %{Stripped-User-Name} -> usuario [ldap] expand: (cn=%{%{Stripped-User-Name}:-%{User-Name}}) -> (cn=usuario) [ldap] expand: ou=saser,dc=unex,dc=es -> ou=saser,dc=unex,dc=es [ldap] ldap_get_conn: Checking Id: 0 [ldap] ldap_get_conn: Got Id: 0 [ldap] attempting LDAP reconnection [ldap] (re)connect to X.X.X.X, authentication 0 [ldap] bind as cn=... [ldap] waiting for bind result ... [ldap] LDAP login failed: check identity, password settings in ldap section of radiusd.conf [ldap] (re)connection attempt failed [ldap] search failed [ldap] ldap_release_conn: Release Id: 0 ++++[ldap] returns fail +++- case unex.es returns fail ++- switch %{Realm} returns fail } # server rinuex Using Post-Auth-Type Reject +- entering group REJECT {...} ++[reply] returns noop ++? if ("%{reply:Codigo-Reject}") expand: %{reply:Codigo-Reject} -> Credenciales-Erroneas ? Evaluating ("%{reply:Codigo-Reject}") -> TRUE ++? if ("%{reply:Codigo-Reject}") -> TRUE ++- entering if ("%{reply:Codigo-Reject}") {...} +++- if ("%{reply:Codigo-Reject}") returns noop ++- group REJECT returns noop [sql] expand: %{Stripped-User-Name} -> usuario [sql] expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} -> usuario [sql] sql_set_user escaped user --> 'usuario' [sql] expand: INSERT INTO radpostauth (username, mac, client, reply, authdate,codreject) VALUES ( '%{User-Name}', LOWER('%{Calling-Station-Id}'), '%C', '%{reply:Packet-Type}', NOW(), '%{reply:Codigo-Reject}') -> INSERT INTO radpostauth (username, mac, client, reply, authdate,codreject) VALUES ( 'usuario@unex.es', LOWER(''), 'CAU2', 'Access-Reject', NOW(), 'Credenciales-Erroneas') rlm_sql (sql) in sql_postauth: query is INSERT INTO radpostauth (username, mac, client, reply, authdate,codreject) VALUES ( 'usuario @unex.es', LOWER(''), 'CAU2', 'Access-Reject', NOW(), 'Credenciales-Erroneas') rlm_sql (sql): Reserving sql socket id: 2 rlm_sql (sql): Released sql socket id: 2 ++[sql] returns ok [attr_filter.access_reject] expand: %{User-Name} -> usuario@unex.es attr_filter: Matched entry DEFAULT at line 11 ++[attr_filter.access_reject] returns updated Delaying reject of request 0 for 1 seconds Going to the next request Waking up in 0.9 seconds. Sending delayed reject for request 0 Sending Access-Reject of id 116 to X.X.X.X port 48454 Codigo-Reject = Credenciales-Erroneas I need help. Thank you and sorry for y english. -- ____________________ Ana Gallardo Gómez ____________________