Reject user from SQL-DB
JB
list.freeradius at mac.com
Thu Feb 7 20:31:17 CET 2008
Phil Mayers (07.02.2008 19:27):
> JB wrote:
>> Hi,
>> I'm afraid I'm currently not seeing the wood for the trees, please
>> help me out. ;-)
>> I'm using stored procedures in MySQL to query for check and reply
>> items for users. I don't need (or want) user groups so there's
>> always a positive Fall-Through attribute returned.
>
> Be aware that unless you are using FreeRadius 2.0, the Fall-Through
> attribute does not affect SQL group processing; see here:
> http://marc.info/?l=freeradius-users&m=119010719300080&w=2
Yes, I'm using 2.0
>> There are quite a few possibilities why a user can get rejected:
>> Wrong login, banned from this location, generally blocked, session
>> time/timespan exceeded and so on...
>> As a result of the information gathered in these stored procedures
>> I know whether the user may connect or not.
>> My question: What attributes do I have to return from MySQL to
>> reject this user??? Am I getting my wires crossed?
>
> Return:
>
> attr = 'Auth-Type'
> op = ':='
> value = 'Reject'
Of course! How embarrassing. ;-)
I actually tried that before but during the reply-items-query which
has no effect. Returning Auth-Type := Reject from the check-items-
query does the trick. Makes sense, doesn't it?
Thanks a lot!
JB
More information about the Freeradius-Users
mailing list