redirecting REJECTed users

Arran Cudbard-Bell a.cudbardb at freeradius.org
Fri Feb 12 22:03:28 CET 2016


> On 12 Feb 2016, at 12:53, Alan Batie <alan at peak.org> wrote:
> 
> I would like to send otherwise REJECTed users to a "suspended" ip pool
> and pass them.  When things get rejected, it seems to abort processing
> (e.g. if I stick a perl module after pap, it doesn't get called if pap
> rejects), and it doesn't look like you can make them OK in the
> Post-Auth-Type REJECT section.  Recommendations?

Do it in authenticate.

You can override the priority/actions of return codes on a module call by module call basis e.g.

authenticate {
	Auth-Type perl {
		perl {
			reject = 1
		}
		if (reject) {
			# do extra things here
		}
	}
}

The NAS probably won't allow assignment unless you send back an accept though.

-Arran

Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS development team

FD31 3077 42EC 7FCD 32FE 5EE2 56CF 27F9 30A8 CAA2

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 872 bytes
Desc: Message signed with OpenPGP using GPGMail
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20160212/cf60e197/attachment.sig>


More information about the Freeradius-Users mailing list