Post-Auth REJECT - conditional sql
Alan DeKok
aland at deployingradius.com
Mon Nov 12 13:54:02 CET 2007
Rachel Primrose wrote:
> Version: FreeRADIUS Version 1.1.3
Please upgrade to 1.1.7.
> Problem:
> The LNS that will be sending requests to this server first sends an
> access request with just the realm with
> Service-Type=Outbound-User/Dialout-Framed-User (5). We either accept
> the request and give the LNS some interesting reply items that tell it
> to authenticate the user at another radius server, OR we reject the
> access request and the LNS will then send us through an access request
> for user@realm with Service-Type=Framed-User.
It also sounds like you want to do more, but you haven't described
what that "more" really is.
> When the first realm access request comes through, we do not want to
> use the sql module to log it, regardless of what our reply will be.
> The problem is, that Post-Auth-Type is overwritten no matter what I
> set it to in the users file!
That's confusing. Say what you want to happen. Don't say what's
going wrong.
> Configuration (just the important bits):
>
> users
>
> realm1.com Password=="blah", Service-Type=="Dialout-Framed-User",
> Auth-Type=Accept
That is wrong. This does NOT check the password!
> DEFAULT Auth-Type = LDAP, Autz-Type = ldap_user, Post-Auth-Type = ldap_user
And you don't have a post-auth-type of "ldap_user".
> post-auth {
> Post-Auth-Type ldap{
> sql
Why? The names aren't magic. There's no need to call it "ldap" if
it's not doing ldap.
> In the post-auth section Post-Auth-Type REJECT I want to conditionally
> run the sql module, based on the Service-Type attribute.
To do... what?
Alan DeKok.