Howto Authenticate Undefined Users

Szymon Roczniak simon at
Wed Sep 9 18:45:41 CEST 2009

On Wed, Sep 09, 2009 at 05:10:46PM +0200, Matthias Cramer wrote:
> Normal Users get authenticated normaly, get Static or dynamic ip's and so on.
> User not in the sql database should get assigned a vrf group and a ip pool for assigning ip's
> (I know how to do that with Cisco-AVPairs).

I'm not sure this is the right way of doing it (and I'd love to see the right
one) but something like this worked for me:

(in authenticate section, assuming you're doing CHAP):

Auth-Type CHAP {
    chap {
        ok = return
        reject = 1

    if (reject) {
        update reply {
            Filter-Id := "somefilter"
            Filter-Id += "someotherfilter"

szymon roczniak
simon at

More information about the Freeradius-Users mailing list