Can FreeRADIUS retry authentication with another Active Directory after Post-Auth-Type REJECT
Alan DeKok
aland at deployingradius.com
Sun Jun 10 04:43:14 CEST 2018
On Jun 9, 2018, at 8:40 PM, Peter Drucker <druckers at gmail.com> wrote:
> What I'm trying to do is something like this. Obviously it's not working
> with the error as:
>
> /home/users/radius/raddb/sites-enabled/nac-server[63]: Subsection of module
> instance call not allowed
> /home/users/radius/raddb/sites-enabled/nac-server[62]: Failed to parse
> "mschap" subsection.
See "man unlang". You can't just out random things in the config and expect them to do what you want.
>
> authenticate {
> Auth-Type MS-CHAP {
> mschap { ==> line 62
mschap is a module. If you do "mschap { ...}" the *only* allowed contents of the {...} block are failure codes and priorities.
> if (notfound) { ==> line 63
Instead of explaining what you've done, maybe you can explain what you're trying to do. i.e. what you *want* to happen.
> policy {
> if (handled) {
> mschap
So "mschap" is inside of the "mschap" section?
That doesn't make sense...
Alan DeKok.
More information about the Freeradius-Users
mailing list