On Aug 26, 2020, at 10:39 AM, Matt Zagrabelny <mzagrabe@d.umn.edu> wrote:
3.0.21 behaves the same. However, I was under the (wrong) impression that I needed to put my business logic in post-proxy since I was proxying all authentication requests - that is, I was no longer performing any local auth.
No, pre/post-proxy are just an *additional* step. They don't prevent anything else from happening.
But, it seems I can put the business logic of rejecting users in post-auth and that will work with the proxying.
I'm not sure if the limitations of not being able to "reject" in post-proxy is worth putting in a feature request or not.
Probably not. We're trying to keep v3 stable, and making minimal changes.
Thanks again for the help and FreeRADIUS, too. It is all very appreciated.
You're welcome. Alan DeKok.