In which point does the FR sever send the Access-Accept or Access-Reject packet?
Bjørn Mork
bjorn at mork.no
Thu Jan 5 12:42:44 CET 2006
Marta Lajas <marta_loops at yahoo.es> writes:
> I have a doubt about when FreeRadius server decides to send an
> Access-Accept or an Access-Reject packet.
> When the authenticate module returns with a RLM_MODULE_REJECT,
> does the FR server send an Access-Reject packet? or does it occur
> later?
> When the authenticate module returns with a RLM_MODULE_OK, does
> the FR server send the Access-Accept packet? or does it occur
> later?
You can find the answers in src/main/modcall.c. The default
authenticate actions are:
{
MOD_ACTION_RETURN, /* reject */
1, /* fail */
MOD_ACTION_RETURN, /* ok */
MOD_ACTION_RETURN, /* handled */
1, /* invalid */
MOD_ACTION_RETURN, /* userlock */
MOD_ACTION_RETURN, /* notfound */
1, /* noop */
1 /* updated */
},
Which means that both RLM_MODULE_REJECT and RLM_MODULE_OK will cause
an immediate return action without calling any further modules in the
authenticate section.
Note that these actions may be modified by "redundant" or "append"
module grouping, or even configured on code by code basis. See
doc/configurable_failover
The modules in postauth will of course still be called before sending
Access-Reject or Access-Accept.
Bjørn
More information about the Freeradius-Users
mailing list