configurable fail-over in unlang or policy doesn't force return?
Zenon Mousmoulas
zmousm at noc.grnet.gr
Tue Aug 26 15:20:21 CEST 2014
Hi,
I had asked about something similar before, but this is different.
On 2014-07-16 21:09, Arran Cudbard-Bell wrote:
> [...]
>>> What would check_something be? Is it a module call? Or a condition or
>>> a subroutine?
>>
>> In this case I wanted to use such a policy in a switch/case statement
>> to call a specific eap module, see below. In general I suppose
>> anything one can do in a policy with unlang.
>>
>> eap_virtual {
>> switch "%{EAP-VHost-ID}" {
>> case abc {
>> eap_abc
>> }
>> case def {
>> eap_def
>> }
>> [...]
>> }
>> }
>>
>> Z.
>
> Then yes, see policy.d or policy.conf (in v2.0.x)
Forcing return within a policy doesn't seem to work; the return code
propagates correctly but processing doesn't stop.
policy {
eap_virtual {
switch "%{EAP-VHost-ID}" {
case abc {
eap_abc {
ok = return
}
}
case def {
eap_def {
ok = return
}
}
[...]
}
}
}
[...]
server inner-tunnel {
authorize {
[...]
eap_virtual
}
}
The same thing happens in unlang (in a block following a conditional
statement), e.g:
if (&User-Name) {
eap_abc {
ok = return
}
}
I'm not sure if this is by design? Using v3.0.x (not head but close).
Thanks,
Z.
More information about the Freeradius-Users
mailing list