Howto Authenticate Undefined Users

Szymon Roczniak simon at dischaos.com
Wed Sep 9 18:45:41 CEST 2009


On Wed, Sep 09, 2009 at 05:10:46PM +0200, Matthias Cramer wrote:
[..]
> Normal Users get authenticated normaly, get Static or dynamic ip's and so on.
> User not in the sql database should get assigned a vrf group and a ip pool for assigning ip's
> (I know how to do that with Cisco-AVPairs).

I'm not sure this is the right way of doing it (and I'd love to see the right
one) but something like this worked for me:

(in authenticate section, assuming you're doing CHAP):

Auth-Type CHAP {
    chap {
        ok = return
        reject = 1
    }

    if (reject) {
        update reply {
            Filter-Id := "somefilter"
            Filter-Id += "someotherfilter"
            ...
        }
        ok
    }
}


-- 
szymon roczniak
simon at dischaos.com



More information about the Freeradius-Users mailing list