rlm_perl and checksimul

Alan DeKok aland at deployingradius.com
Mon Apr 27 14:05:23 CEST 2015


On Apr 27, 2015, at 2:16 AM, d tbsky <tbskyd at gmail.com> wrote:
>    I know why. I didn't understand the whole procedure. I should set
> up the attribute "Simultaneous-Use" so FreeRADIUS would call checksimul.
> So I set up the below in the "default" site "authorize" section:

  Yes, it only checks Simultaneous-Use if you tell it to do that.

> 1. The checksimul code runs after authentication. I would prefer not
> doing authentication at all if I already know this login is invalid.
> If possible, checksimul should run before authentication.

  Then change the code.

> 2. Although checksimul returns "RLM_MODULE_REJECT", the NAS still gets
> "Access-Accept" (which comes from the successful authentication). I have
> found a similar report on the email list. I guess I need to change some
> internal variable so FreeRADIUS knows it is now "Access-Reject".

  Then read the debug output to see why.

>  If checksimul runs after authentication by design, I think the best
> place to put my checking code is the "authorize" section. But in one
> EAP connection, the "authorize" section runs many times, which means
> my checking code runs many times.
> 
>  May I ask what the best method is to let the module run only once
> in the "authorize" section?

  In v3, see "man unlang" and look for "session-state"

  Alan DeKok.
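
An added illustration of the session-state approach mentioned above, not configuration posted in the thread: a marker kept in the session-state list lets a check in "authorize" run on the first round of an EAP conversation only. The module instance name "perl", the marker attribute Tmp-String-0 and the placement ahead of eap are assumptions.

```unlang
# sites-available/default (FreeRADIUS v3)
authorize {
    # session-state is empty on the first packet of an EAP conversation.
    # It is saved when the server sends an Access-Challenge and restored
    # when the next Access-Request carries the matching State attribute.
    if (!&session-state:Tmp-String-0) {
        # Assumed: "perl" is the rlm_perl instance holding the custom check.
        # A reject here ends the section, so the marker below is never set.
        perl

        # Assumed marker attribute; later rounds see it and skip the check.
        update session-state {
            &Tmp-String-0 := "checked"
        }
    }

    # Assumed placement: the check sits ahead of eap.
    eap

    # ... remaining authorize modules unchanged ...
}
```

Running the server with "radiusd -X" shows, for each Access-Request, whether the condition matched and the perl module was called.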
