Proxy Radius - Deny user based on username preproxy
Alan DeKok
aland at deployingradius.com
Fri Dec 30 20:36:37 CET 2011
Nathan M wrote:
> I operate a proxy radius server which proxies requests downstream. A
> few particular usernames are repeating far more frequently than they
> should and I have no way to eliminate this upstream. I do need to
> authenticate the users though and not deny them. The goal would be to
> authenticate them at the proxy level so it does not send the request
> downstream at all.
>
> Ideally an entry something to the tune of:
> userx Cleartext-Password := "xxx"
> Session-Timeout = 604800,
> Idle-Timeout = 604800,
> Acct-Interim-Interval = 4084,
> Fall-Through = No
That should work.
> I've reviewed and done dozens of attempts using the preproxy_users,
> and users file (by trying with files above and below the suffix line
> in authorize{}); however, none of my attempts have been successful.
See the FAQ for "it doesn't work".
> The lines match when viewing debug; however, by entering anything
> other than Auth-Type := Reject within the users file, the
> authentication proceeds on it's merry way to the proxy process
> downstream.
>
> Any advice on a config which will accomplish this?
Read the debug output. It will tell you why it's being proxied.
Alan DeKok.
More information about the Freeradius-Users
mailing list