Send Access-Reject when user does not match any group?
A.L.M.Buxey at lboro.ac.uk
A.L.M.Buxey at lboro.ac.uk
Mon Jan 14 10:53:58 CET 2013
Hi,
> Hi,
> Is there a way to configure FreeRadius 2.1.10 to send Access-Reject
> on users which don't match any of the defined groups?
>
> I tried with:
> DEFAULT Group-Name !* "", Auth-Type := Reject
> Reply-Message = "Account rejected.",
> Fall-Through = No
>
> and
>
> DEFAULT Group !* "", Auth-Type := Reject
> Reply-Message = "Account rejected.",
> Fall-Through = No
>
> as the last and only rule in "users" but it isn't working,
> freeradius still sends Access-Accept, even if the user does not
> match any groups.
if the ONLY thing falling through to the end is incorrect stuff (ie you have
already dealt with group entries correctly above so they dont fall through then
DEFAULT Auth-Type := Reject
Reply-Message = "No group defined, Request rejected!"
alan
More information about the Freeradius-Users
mailing list