Hi, But wouldn't that require using the users file instead of MySQL? Can the radcheck table be used in the same way? What I mean is, can a user have multiple entries within the table? At the moment we just have a single entry for each user: +----+-----------------------------------+-----------+----+-----------+ | id | UserName | Attribute | op | Value | +----+-----------------------------------+-----------+----+-----------+ | 1 | tim@realm | Password | == | test | +----+-----------------------------------+-----------+----+-----------+ But would this accomplish the same as using the users file: +----+-----------------------------------+-----------+----+-----------+ | id | UserName | Attribute | op | Value | +----+-----------------------------------+-----------+----+-----------+ | 1 | tim@realm | Password | == | test | | 2 | tim@realm | Auth-Type | := | Reject | +----+-----------------------------------+-----------+----+-----------+ I'm not going to be able to actually try this for myself until Monday, but any advice in advance would be greatly appreciated. Kind regards, Tim O'Donovan Joe Maimon wrote:
Tim O'Donovan wrote:
Hi,
Does anyone know of a simple way to invoke an Access-Reject for a user at the authenticate stage? Without changing the stored password. I have tried altering the 'op' to != and all manner of other combinations from within the rad_check table without success.
We would just like to be able to ban/unban a user with a single SQL update statement.
in the users file, setting a check item like this
user Auth-Type := "Reject"
Seems to do the job. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html