unlang to customize error message
Christian Strauf
strauf at rz.tu-clausthal.de
Thu Apr 28 14:00:04 CEST 2016
>Is it possible via unlang to have Freeradius conditionally send "E=691" (in
>case authentication failure) based on a sql query?
>I believe this is quite tricky, but it'd really help us a lot.
Yes, that should work. You can write a policy and store it in some file in policy.d/ which does something like
update control {
&Tmp-Integer-1 := "%{sql:SELECT XXXXX FROM `XXXX` WHERE XXXX}"
}
(You could for example store a 0 for incompatible clients which need a rewrite of the reply message and a 1 for all other clients.)
You could call this policy which contains the SQL query in the appropriate section of your virtual server and if you need to send a reject you could do something like
if ( &control:Tmp-Integer-1 == 0 ) {
update reply {
Reply-Message := "..."
}
}
to set the Reply-Message to something else where necessary.
Christian
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 2172 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20160428/ec991119/attachment.bin>
More information about the Freeradius-Users
mailing list