Post-Auth REJECT - conditional sql
Rachel Primrose
rachel.primrose at gmail.com
Sun Nov 11 22:34:02 CET 2007
Hi,
I'm having trouble configuring a new freeradius install and need some
help please!
Version: FreeRADIUS Version 1.1.3
Problem:
The LNS that will be sending requests to this server first sends an
access request with just the realm with
Service-Type=Outbound-User/Dialout-Framed-User (5). We either accept
the request and give the LNS some interesting reply items that tell it
to authenticate the user at another radius server, OR we reject the
access request and the LNS will then send us through an access request
for user at realm with Service-Type=Framed-User.
When the first realm access request comes through, we do not want to
use the sql module to log it, regardless of what our reply will be.
The problem is that Post-Auth-Type is overwritten no matter what I
set it to in the users file!
Configuration (just the important bits):
users

realm1.com Password=="blah", Service-Type=="Dialout-Framed-User", Auth-Type=Accept
        Cisco-AVpair = "vpdn:ip-addresses=192.168.0.0",
        Cisco-AVpair += "vpdn:tunnel-type=l2tp",
        Cisco-AVpair += "vpdn:l2tp-tunnel-password=blah",
        Cisco-AVpair += "vpdn:tunnel-id=blah"

DEFAULT Service-Type=="Dialout-Framed-User", Auth-Type=Reject

DEFAULT Auth-Type = LDAP, Autz-Type = ldap_user, Post-Auth-Type = ldap_user
        Service-Type = "Framed-User",
        Framed-Protocol = "PPP",
        Framed-Routing = "None",
        Framed-IP-Netmask = "255.255.255.255"
radiusd.conf

post-auth {
        Post-Auth-Type ldap {
                sql
        }
        Post-Auth-Type REJECT {
                sql
        }
}
In the post-auth section Post-Auth-Type REJECT I want to conditionally
run the sql module, based on the Service-Type attribute.
Any suggestions would be greatly appreciated.
Thanks in advance.
Kind regards,
Rachel Primrose
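
Added example, not part of the original post or of the poster's configuration: one way to express the conditional logging asked about above, assuming FreeRADIUS 2.0 or later, whose unlang policy language allows conditions inside a Post-Auth-Type section (version 1.1.3 has no such construct). The Framed-User test and the section layout are assumptions modelled on the configuration shown in the post.

```conf
# radiusd.conf, FreeRADIUS 2.x syntax (assumption: the post itself runs 1.1.3)
post-auth {
	# Unchanged from the post.
	Post-Auth-Type ldap {
		sql
	}

	# Section run for rejected requests.
	Post-Auth-Type REJECT {
		# Log only rejects of the second-stage user@realm request.
		# The first-stage, realm-only request carries
		# Service-Type = Dialout-Framed-User and is skipped.
		# FreeRADIUS 3.x writes the attribute as &Service-Type.
		if (Service-Type == Framed-User) {
			sql
		}
	}
}
```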