Freeradius 3. How to stop processing when ldap got the successful match.

Alan DeKok aland at deployingradius.com
Mon Aug 24 13:22:53 CEST 2020


On Aug 24, 2020, at 5:44 AM, Ramon Escribà Lemiña <escriba at cells.es> wrote:
> in my old working freeradius 2.1, on /etc/raddb/sites-available/default, in authorize section I have an ldap
> 
> declaration to allow a successful match to stop any extra authorization process.
> 
> So only gets the actual attributes got from ldap to answer the query discarding adding  other/default new ones stored in users files.
> 
> "files" is after "ldap" in this case.
> 
>     VLANxxx {
>         ok = return
>     }
> 
> On freeradius 3.0.17 this seems now working anymore, so it finally add the default "users" file attributes. "files" is the last catch all too here.

  That should work.  It works here in the latest code, and we have automated tests for it in src/tests/keywords/ok-return.  And that test hasn't changed since at least 3.0.17.

> How can I tell freeradius 3 to stop processing, and get the already got ldap return values as the good ones??

  Show the full debug log.  Maybe something else is happening.

  Alan DeKok.




More information about the Freeradius-Users mailing list