How to prevent FreeRADIUS to send Access-Reject if Username not found
Alan DeKok
aland at deployingradius.com
Mon Apr 8 17:31:23 CEST 2019
On Apr 8, 2019, at 8:20 AM, nikolaos.hatzepanagiotides at iese.fraunhofer.de wrote:
>
> Hello, dear community!
> I am struggling to prevent freeradius from sending an access-reject if the user does not exist in the LDAP-Database.
>
> I did already query whether the user exists or not and send reply-message “uid not found”, but instead I want to send absolutely nothing.
> But I get Access-Reject because ldap can’t find the uid and sets Auth-Type to nothing, so freeradius says “ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject”

That's the default.

> Is there any way to tell freeradius to send no reject if the user is not found? Only if authentication fails because of an invalid password, not a non-existing username?

That is a very bad idea. If the NAS sends packets to the server, and the server doesn't respond, then the NAS thinks that the server is dead.
Don't do this.
Or, explain *why* you need to do this, and *why* you think it will work.
Alan DeKok.
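
The following is an added illustration, not part of the original message and not FreeRADIUS code: a toy model of the dead-server behaviour described in the reply, comparing a server that rejects unknown users with one that stays silent. The retry count, dead time, user table and login sequence are assumed or constructed values; real NAS implementations differ.

```python
# Toy model of a NAS marking a RADIUS server dead after unanswered requests.
# All numbers and names are assumptions for illustration, not vendor defaults.
from dataclasses import dataclass

KNOWN_USERS = {"alice": "s3cret"}  # constructed sample directory


def server(user, password, drop_unknown):
    """Return 'Access-Accept', 'Access-Reject', or None when no reply is sent."""
    if user not in KNOWN_USERS:
        return None if drop_unknown else "Access-Reject"
    return "Access-Accept" if KNOWN_USERS[user] == password else "Access-Reject"


@dataclass
class Nas:
    drop_unknown: bool     # server policy under test
    retries: int = 3       # assumed number of transmissions per request
    dead_time: int = 120   # assumed seconds the server stays marked dead
    dead_until: int = -1
    packets_sent: int = 0

    def login(self, now, user, password):
        if now < self.dead_until:
            return "no-server"  # NAS does not even try a server it marked dead
        for _ in range(self.retries):
            self.packets_sent += 1
            reply = server(user, password, self.drop_unknown)
            if reply is not None:
                return reply
        # Every transmission timed out: the NAS concludes the server is down.
        self.dead_until = now + self.dead_time
        return "timeout"


def run(drop_unknown):
    """Replay a constructed login sequence; return (outcomes, packets sent)."""
    nas = Nas(drop_unknown)
    # A mistyped username at t=0, then the valid user at t=10 and t=200.
    events = [(0, "alcie", "s3cret"), (10, "alice", "s3cret"), (200, "alice", "s3cret")]
    return [nas.login(*e) for e in events], nas.packets_sent


if __name__ == "__main__":
    print("reject unknown:", run(False))
    print("drop unknown:  ", run(True))
```

With the silent policy, a single mistyped username makes the valid login ten seconds later fail without the server ever being contacted, and the NAS sends more packets overall.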