On 2/12/16 1:03 PM, Arran Cudbard-Bell wrote:
authenticate { Auth-Type perl { perl { reject = 1 } if (reject) { # do extra things here } } }
The NAS probably won't allow assignment unless you send back an accept though.
Exactly, however it looks like Auth-Type has to be something in the dictionary from this error: Fri Feb 12 13:35:58 2016 : Auth: (0) Login incorrect (perl: Failed to create pair control:Auth-Type = Unknown-User): This perl module code does what I'm trying to do: sub authorize { if (!defined($RAD_CHECK{'Auth-Type'})) { &radiusd::radlog(L_DBG, "No Auth-Type,setting to Local to default to suspended pool"); $RAD_CHECK{'Auth-Type'} = 'Local'; } return RLM_MODULE_OK; } sub authenticate { # if user found, Auth-Type will be set to PAP if ($RAD_CHECK{'Auth-Type'} eq 'PAP') { # but if they give a bad password, put them in suspended pool if ($RAD_REQUEST{'User-Password'} ne $RAD_CHECK{'Cleartext-Password'}) { &radiusd::radlog(L_ERR, "Invalid password: " . $RAD_REQUEST{'User-Name'} . "/" . $RAD_REQUEST{'User-Password'}); $RAD_CHECK{'Pool-Name'} = "suspended"; } } else { # and if they don't even exist, put them in suspended pool too &radiusd::radlog(L_ERR, "Unknown user: " . $RAD_REQUEST{'User-Name'}); $RAD_CHECK{'Pool-Name'} = "suspended"; } return RLM_MODULE_OK; } with this in the site config: authorize { ... # pap perl } authenticate { Auth-Type PAP { perl } Auth-Type Local { perl } }