Logging problem
Alan DeKok
aland at deployingradius.com
Fri Sep 12 10:46:54 CEST 2008
Norbert Wegener wrote:
> If fear not...
Hmm... if this is in the "authenticate" section, then the rules are
different. The authenticate section is processed by selecting *one*
module / section from the list. That *one* module is processed.
So if you have:
authenticate {
eap
foo
}
Then "eap" is run for Auth-Type = eap. "foo" is not used, and any
failure / noop / whatever of "eap" does NOT cause it to fall through to
"foo".
The solution is to wrap it in an Auth-Type block:
authenticate {
Auth-Type eap {
eap {
invalid = 1
}
if ( invalid ) {
...
}
}
foo
}
In this case, the "eap" *section* will be processed. The contents
will be treated just as if they were being run in the "authorize"
section. So the default action for "invalid" has to be changed in order
for it to fall through, and continue processing.
Alan DeKok.
More information about the Freeradius-Users
mailing list