Radius users state

Sudarshan Soma sudarshan12s at gmail.com
Tue Sep 16 11:43:26 CEST 2008

On Tue, Sep 16, 2008 at 2:23 PM,  <tnt at kalik.net> wrote:
>>1. For determining session expiry, i can see the Reply-Message for
>>session timeout from rlm_expiration module. But for determining locked
>>users, i think rlm_unix doesnt pass RLM_MODULE_USERLOCK as part of
> No. But have a look at "man unlang" and module return codes. You can
> use unlang to set Reply-Message in such cases.

Thanks, I will try this.
>>2. For determining if user named xyz  has typed wrong passwd and his
>>privilage level,  , i will keep /etc/raddb/users entry as
>>xyz Auth-Type := Reject , User-password =~ "*"
>>            Reply-Message = "Invalid passwd for xyz(level 2)."
> I am not quite sure what you mean. Does your user have multiple entries
> where privilege level is determined by password? Like:
> xyz   User-Password 1
>        Priv-Level 1
> xyz   User-Password 2
>        Priv-Level 2
> You will not be able to determine which (level) password he wanted to use
> if he misses. You can remove password attribute from check line and
> level from the reply entry.
I am sorry for the confsion. I will rewrite my query :
My intention here was to determine user privilage who has entered a
wrong password. I need this privilage level for the user so that i can
take appropriate action to lock user at NAS level.

/ets/raddb/users have first entry for each user with correct passwd,
followed by wrong passwd(kept it as regular expression *)

xyz Auth-Type := Local , User-password = "xyz"
            Reply-Message = "successfull level(2)."

xyz Auth-Type := Reject , User-password =~ "*"
           Reply-Message = "Invalid passwd for xyz(level 2)."

>>I can parse Reply-Message to determine the privilage. Is this the
>>right way to determine the user privilage?
>>3. For determining if the user is  a valid radius user, i will keep
>>this entry at the end in the /etc/raddb/users :
>>DEFAULT Auth-Type := Reject
>>            Reply-Message = "Invalid user"
> That's fine.
> Ivan Kalik
> Kalik Informatika ISP
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Thanks so much.

More information about the Freeradius-Users mailing list