How to Reject User During Authentication
Selahattin Cilek
selahattin_cilek at hotmail.com
Fri Aug 11 14:40:49 CEST 2017
On 11.08.2017 15:37, Alan DeKok wrote:
> On Aug 11, 2017, at 2:10 PM, Selahattin Cilek <selahattin_cilek at hotmail.com> wrote:
>> Doing this did the trick:
>>
>> if ("%{sql: SELECT locked FROM `usage` WHERE user_name =
>> '%{User-Name}'}" == "1" ) {
>> reject
>> }
>>
>> Now there are no "Login OK"s in the log.
> That's good.
>
>> Thank you very much.
>>
>> But I'd still like to know how to make the script run *before*
>> authentication. I haven't found anything of much help in the exec module.
> Copy the exec file to a file called "datacounter", and then edit it:
>
> exec datacounter {
> wait = yes
> input_pairs = request
> shell_escape = yes
> output = none
> timeout = 10
> program = "/path/to/datacounter.sh"
> }
>
> And then put "datacounter" into the "authorize" section.
>
> It will run your program, and the request attributes will be in environment variables.
OK. Thank you very much.
Cheers.
>
> Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
---
This email has been checked for viruses by Avast antivirus software.
https://www.avast.com/antivirus
More information about the Freeradius-Users
mailing list