How to Reject User During Authentication

Selahattin Cilek selahattin_cilek at hotmail.com
Fri Aug 11 14:40:49 CEST 2017



On 11.08.2017 15:37, Alan DeKok wrote:
> On Aug 11, 2017, at 2:10 PM, Selahattin Cilek <selahattin_cilek at hotmail.com> wrote:
>> Doing this did the trick:
>>
>>      if ("%{sql: SELECT locked FROM `usage` WHERE user_name =
>> '%{User-Name}'}" == "1" ) {
>>          reject
>>      }
>>
>> Now there are no "Login OK"s in the log.
>    That's good.
>
>> Thank you very much.
>>
>> But I'd still like to know how to make the script run *before*
>> authentication. I haven't found anything of much help in the exec module.
>    Copy the exec file to a file called "datacounter", and then edit it:
>
> exec datacounter {
> 	wait = yes
> 	input_pairs = request
> 	shell_escape = yes
> 	output = none
> 	timeout = 10
> 	program = "/path/to/datacounter.sh"
> }
>
>    And then put "datacounter" into the "authorize" section.
>
>    It will run your program, and the request attributes will be in environment variables.

OK. Thank you very much.

Cheers.

>
>    Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus




More information about the Freeradius-Users mailing list