How to Reject User During Authentication
Alan DeKok
aland at deployingradius.com
Fri Aug 11 14:37:22 CEST 2017
On Aug 11, 2017, at 2:10 PM, Selahattin Cilek <selahattin_cilek at hotmail.com> wrote:
>
> Doing this did the trick:
>
> if ("%{sql: SELECT locked FROM `usage` WHERE user_name =
> '%{User-Name}'}" == "1" ) {
> reject
> }
>
> Now there are no "Login OK"s in the log.
That's good.
> Thank you very much.
>
> But I'd still like to know how to make the script run *before*
> authentication. I haven't found anything of much help in the exec module.
Copy the exec file to a file called "datacounter", and then edit it:
exec datacounter {
wait = yes
input_pairs = request
shell_escape = yes
output = none
timeout = 10
program = "/path/to/datacounter.sh"
}
And then put "datacounter" into the "authorize" section.
It will run your program, and the request attributes will be in environment variables.
Alan DeKok.
More information about the Freeradius-Users
mailing list