authorization: unlang/NAS-IP-Address
leopold
vova_b at yahoo.com
Wed Jul 23 16:32:46 CEST 2008
The problem is that all the users are valid and SQL module returns OK
replyattribute list is empty, so I need somehow reject the user
I did some dirty workaround
if (!reply:Service-Type) {
# reply list does not contain Service-Type
reject
}
See in debug output a valid user with valid password comes from wrong
NAS-IP-Address which does not belong to check attributes of the user's group
++[sql] returns ok
++? if (!reply:Service-Type)
? Evaluating !(reply:Service-Type) -> FALSE
++? if (!reply:Service-Type) -> TRUE
++- entering if (!reply:Service-Type)
+++[reject] returns reject
++- if (!reply:Service-Type) returns reject
Found Post-Auth-Type Reject
+- entering group REJECT
The problem is that I do not want to rely that reply list always contains
Service-Type
reply:Service-Type
The SQL module returns OK even if there are no reply attributes
Thanks again
--
View this message in context: http://www.nabble.com/authorization%3A-unlang-NAS-IP-Address-tp18609937p18612055.html
Sent from the FreeRadius - User mailing list archive at Nabble.com.
More information about the Freeradius-Users
mailing list