Good morning to all, I`m using the passwd module to add an atribute to the request. How can I configure the server to reject the request if the modeule returns "notfound"? One idea would be to add an default value to the attribute and check wether it has changed after the module was called. Would this be possible? Or is there a better way? Thank you all, Wolfgang Burger
Are passwords also coming from passwd module? If they are then there is no problem. If user is not found he won't have a password and will be rejected by default. Ivan Kalik Kalik Informatika ISP Dana 2/6/2008, "Wolfgang Burger" <burgerw@immunbio.mpg.de> piše:
Good morning to all,
I`m using the passwd module to add an atribute to the request.
How can I configure the server to reject the request if the modeule returns "notfound"?
One idea would be to add an default value to the attribute and check wether it has changed after the module was called. Would this be possible? Or is there a better way?
Thank you all,
Wolfgang Burger
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Thank you for your answer, Ivan. Am 02.06.2008 um 13:11 schrieb Ivan Kalik:
Are passwords also coming from passwd module?
No.
If they are then there is no problem. If user is not found he won't have a password and will be rejected by default.
Ivan Kalik Kalik Informatika ISP
That's right. But I am using EAP-TLS. The passwd module is only used to add an attribute that I use for additional MAC filtering. Best regards Wolfgang Burger
If you have a policy that users can gain access only from a registered mac address, revoke the certificates for all the users that didn't comply. In 2.0 you can reject them with unlang. Ivan Kalik Kalik Informatika ISP Dana 2/6/2008, "Wolfgang Burger" <burgerw@immunbio.mpg.de> piše:
Thank you for your answer, Ivan.
Am 02.06.2008 um 13:11 schrieb Ivan Kalik:
Are passwords also coming from passwd module?
No.
If they are then there is no problem. If user is not found he won't have a password and will be rejected by default.
Ivan Kalik Kalik Informatika ISP
That's right. But I am using EAP-TLS. The passwd module is only used to add an attribute that I use for additional MAC filtering.
Best regards
Wolfgang Burger
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Thank you very much Ivan. Typical case of RTFM. ... module-name if (notfound) { reject } ... Thank you again and have a nice day. Wolfgang Burger Am 02.06.2008 um 14:49 schrieb Ivan Kalik:
If you have a policy that users can gain access only from a registered mac address, revoke the certificates for all the users that didn't comply.
In 2.0 you can reject them with unlang.
Ivan Kalik Kalik Informatika ISP
Dana 2/6/2008, "Wolfgang Burger" <burgerw@immunbio.mpg.de> piše:
Thank you for your answer, Ivan.
Am 02.06.2008 um 13:11 schrieb Ivan Kalik:
Are passwords also coming from passwd module?
No.
If they are then there is no problem. If user is not found he won't have a password and will be rejected by default.
Ivan Kalik Kalik Informatika ISP
That's right. But I am using EAP-TLS. The passwd module is only used to add an attribute that I use for additional MAC filtering.
Best regards
Wolfgang Burger
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
participants (2)
-
Ivan Kalik -
Wolfgang Burger