Setting Auth-Type to Accept using unlang
Abel Alejandro
aalejandro at gmail.com
Tue Oct 14 15:14:51 CEST 2008
On Tue, Oct 14, 2008 at 4:39 AM, <tnt at kalik.net> wrote:
>>How do I test if Auth-Type is not set?
>>
>>I tried with:
>>
>>if (!Auth-Type) {
>>
>
> That should work (I don't have 2.1.1 installed but I have tested that in
> 2.0.5 some time ago). You have added that in authorize (not
> authenticate) after pap entry? Post the debug.
The problem is that if (!Auth-Type) returns true even when the user is valid.
Here is a debug when the user is valid.
++[sql] returns ok
++[pap] returns updated
++? if (!Auth-Type)
? Evaluating !(Auth-Type) -> FALSE
++? if (!Auth-Type) -> TRUE
++- entering if (!Auth-Type) {...}
+++? if (!NAS-IP-Address == 196.12.161.237)
? Evaluating !(NAS-IP-Address == 196.12.161.237) -> FALSE
+++? if (!NAS-IP-Address == 196.12.161.237) -> TRUE
+++- entering if (!NAS-IP-Address == 196.12.161.237) {...}
++++[reply] returns updated
++++[control] returns updated
+++- if (!NAS-IP-Address == 196.12.161.237) returns updated
++- if (!Auth-Type) returns updated
Found Auth-Type = Accept
Auth-Type = Accept, accepting the user
+- entering group post-auth {...}
I am using the following in the authorize section right after pap:
if (!Auth-Type) {
if (!NAS-IP-Address == X.X.X.X) {
update reply {
Reply-Message = "Restricted Access"
MS-Primary-DNS-Server = X.X.X.X
MS-Secondary-DNS-Server = X.X.X.X
RP-Max-Sessions-Per-User = 100
}
update control {
Auth-Type := "Accept"
Pool-Name := "invaliduser_pool"
}
}
}
>
> Ivan Kalik
> Kalik Informatika ISP
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
More information about the Freeradius-Users
mailing list