Can FreeRADIUS retry authentication with another Active Directory after Post-Auth-Type REJECT

Alan DeKok aland at deployingradius.com
Sun Jun 10 04:43:14 CEST 2018


On Jun 9, 2018, at 8:40 PM, Peter Drucker <druckers at gmail.com> wrote:
> What I'm trying to do is something like this. Obviously it's not working
> with the error as:
> 
> /home/users/radius/raddb/sites-enabled/nac-server[63]: Subsection of module
> instance call not allowed
> /home/users/radius/raddb/sites-enabled/nac-server[62]: Failed to parse
> "mschap" subsection.

  See "man unlang".  You can't just out random things in the config and expect them to do what you want.

> 
> authenticate {
>    Auth-Type MS-CHAP {
>        mschap {                              ==> line 62

  mschap is a module.  If you do "mschap { ...}" the *only* allowed contents of the {...} block are failure codes and priorities.


>            if (notfound) {                   ==> line 63

  Instead of explaining what you've done, maybe you can explain what you're trying to do.  i.e. what you *want* to happen.

>                policy {
>                    if (handled) {
>                        mschap

 So "mschap" is inside of the "mschap" section?

  That doesn't make sense...

  Alan DeKok.




More information about the Freeradius-Users mailing list