How to Terminate inner-tunnel Execution after Reject?
aland at deployingradius.com
Sat Nov 28 16:34:29 CET 2020
On Nov 28, 2020, at 12:23 AM, Mike Ruebner <freeradius at machichemicals.com> wrote:
> I am rejecting PEAP requests from specific AVPs in my inner-tunnel 'authorize' section. That's pretty much it, but those rejects still hit 'post-auth', where I have to specifically exclude them from a lockout counter. Is there a way to, for lack of better words, gracefully 'exit' inner-tunnel from my PEAP-reject module? Meaning, no execution of sections further down the food chain (ie., authenticate, post-auth).
There's no way to stop that state machine. But, once you reject a user, it skips the "authenticate" section. And, runs the "Post-Auth-Type Reject" sub-section of "post-auth".
You might need to upgrade. In some older versions it didn't run "Post-Auth-Type Reject" in the inner tunnel.
More information about the Freeradius-Users