Behaviour of multiple sequenced authorization modules ?

Robert Roll Robert.Roll at
Tue Mar 22 04:03:38 CET 2011

I'm a little new to freeradius.. Hmm.. I guess I made the assumption that a user notfound would actually
imply no authorization ? That doesn't seem to be the case ?

 So, I did the following...

    authorize {

          ldap1 {
            notfound = reject 

          ldap2 ( 
             notfound = reject  


    is this the correct way to do this ?



From: at [ at] On Behalf Of Robert Roll [Robert.Roll at]
Sent: Monday, March 21, 2011 4:23 PM
To: FreeRadius users mailing list
Subject: Behaviour of multiple sequenced authorization modules ?

  I would like to have multiple authorization modules invoked and then reject if
ANY do NOT authorize ?

 For instance..

   authorize {


 It appears if just one returns OK, then the subsequent authentication works.
 BTW.. The subsequent authentication is actually a PEAP/MSCHAPV2... Therefore,
the ldap modules are ONLY used for authorization...

Is there somewhere that discusses the various options on how to control the behaviour
when multiple authorization modules are involved ?



Robert Roll
Computer Professiona
University of Utah
Robert.Roll at
List info/subscribe/unsubscribe? See

More information about the Freeradius-Users mailing list