stu-tss1@auxs.umn.edu wrote:
I'm looking to implement a type of double check authentication using freeradius. I want to use the sql authentication module to provide a list of users. Everyone in this list should be proxied. However, if you aren't in the table, then you should immediately be rejected. I don't have control of the home radius server, so I can't make any modifications there. Generally, I just want to allow a controlled sub-group of users to access the system. At this point the sql module seems to be working (it is accounting and in debug mode I do see if run queries), however, it proxies the request regardless if the user is in the usergroup table. Thanks
Fall-Through := Yes DEFAULT Auth-Type := Reject The above might work, Having never tried this before I can't say.
stu-tss1@auxs.umn.edu wrote:
I want to use the sql authentication module to provide a list of users.
The SQL module doesn't do authentication. The "authorise" section can check the DB for the existense of a usrr.
Everyone in this list should be proxied. However, if you aren't in the table, then you should immediately be rejected.
Configure everyone in the list to be proxied via Proxy-To-Realm attribute. Then, don't have any authentication methods for anyone else. The default behavior of the server is to reject users. Alan DeKok.
participants (3)
-
Alan DeKok -
Lewis Bergman -
stu-tss1@auxs.umn.edu