redirecting REJECTed users

Arran Cudbard-Bell a.cudbardb at
Fri Feb 12 22:03:28 CET 2016

> On 12 Feb 2016, at 12:53, Alan Batie <alan at> wrote:
> I would like to send otherwise REJECTed users to a "suspended" ip pool
> and pass them.  When things get rejected, it seems to abort processing
> (e.g. if I stick a perl module after pap, it doesn't get called if pap
> rejects), and it doesn't look like you can make them OK in the
> Post-Auth-Type REJECT section.  Recommendations?

Do it in authenticate.

You can override the priority/actions of return codes on a module call by module call basis e.g.

authenticate {
	Auth-Type perl {
		perl {
			reject = 1
		if (reject) {
			# do extra things here

The NAS probably won't allow assignment unless you send back an accept though.


Arran Cudbard-Bell <a.cudbardb at>
FreeRADIUS development team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 872 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <>

More information about the Freeradius-Users mailing list