users file ignored and still checks sql
Alan DeKok
aland at deployingradius.com
Tue Apr 24 13:44:17 CEST 2012
Paul Tinson wrote:
> The issue is I want to do a realm based auth for one realm and return some
> L2TP information.
> So in proxy.conf I have added the realm, in users I have added a user like
> this: realm and ip changed to protect the innocent
>
> DEFAULT Realm == "womble.co.nz", Auth-Type := Accept
That says "set Accept authentication during the authentication phase"
...
> [files] users: Matched entry DEFAULT at line 87
> ++[files] returns ok
> [sql] expand: %{Orcon-User-Name} ->
That's what's supposed to happen.
> I would have thought this configuration should result in the users file
> being scanned and then returning Auth-Type: Accept and not then processing
> the sql authorize module.
No.
> Have I missed something simple, or does this config look right.
The configuration is wrong. Setting "Auth-Type = Accept" doesn't mean
"stop authorization". It means "use Accept authentication"
If you want to avoid processing the SQL module, use module-failover,
or "unlang". See "man unlang"
authorize {
...
files {
ok = return
}
sql
...
}
Alan DeKok.
More information about the Freeradius-Users
mailing list