Proxy Radius - Deny user based on username preproxy

Nathan M locu.lists at gmail.com
Fri Dec 30 20:28:49 CET 2011


To any freeradius guru,

I operate a proxy radius server which proxies requests downstream.  A
few particular usernames are repeating far more frequently than they
should and I have no way to eliminate this upstream.  I do need to
authenticate the users though and not deny them.  The goal would be to
authenticate them at the proxy level so it does not send the request
downstream at all.

Ideally an entry something to the tune of:
userx      Cleartext-Password := "xxx"
       Session-Timeout = 604800,
       Idle-Timeout = 604800,
       Acct-Interim-Interval = 4084,
       Fall-Through = No

I've reviewed and done dozens of attempts using the preproxy_users,
and users file (by trying with files above and below the suffix line
in authorize{}); however, none of my attempts have been successful.
The lines match when viewing debug; however, by entering anything
other than Auth-Type := Reject within the users file, the
authentication proceeds on it's merry way to the proxy process
downstream.

Any advice on a config which will accomplish this?

Thanks,

N



More information about the Freeradius-Users mailing list