what would cause sql to return reject response?

Alan DeKok aland at deployingradius.com
Mon Feb 11 16:37:42 CET 2019

On Feb 11, 2019, at 10:23 AM, Bipin Patel via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
> i have the below in authorize
>    sql {
>        notfound = 1
>        reject = 2
>    }
> but the reject response is never generated from the sql module,

  Because the SQL module does not authenticate a user.  SQL is a database.  FreeRADIUS just looks the user up in the database.  The answer is either "yes, the user is there" or "no such user in the database".

> if the username doesnt match it generates the notfound and if password doesnt match the pap module rejects the request and sql responds ok but what i want is the sql module to generate the reject response.


  This is the typical issue of you have a solution in mind, and you're wondering how to implement it.  And, why the server doesn't behave the way you expect.

  You should instead discuss the *problem* you're having.  Why is it important for "sql" to reject the user, instead of "pap" ?

> can anyone guide me under what circumstances does the sql module generate a reject response coz i tried setting Auth-Type attribute to reject but still sql doesnt generate reject

  The SQL module never rejects a user.

  You might have 4 different databases for users.  It is *wrong* for the SQL module to reject a user.

  Alan DeKok.

More information about the Freeradius-Users mailing list