Update_Control and Update_Reply in Post-Auth-Type = Reject
Alan DeKok
aland at deployingradius.com
Mon Feb 8 16:52:24 CET 2021
On Feb 8, 2021, at 9:26 AM, Aurélio de Souza Ribeiro Neto <netolistas at mpc.com.br> wrote:
> I want to Update_Control and Update_Reply for rejected users (not in my database).
>
> My Users are coming from PAP Authentication method.
>
> If the users are not in my Database, I want to give an IP from a specific Pool to this users.
Then you have to turn a reject into accept. You can't assign IPs in an Access-Reject packet.
And the server can't turn an Access-Reject into an Access-Accept. You have to catch the error earlier in the process.
> I did this in my default file in Post-Auth-Type REJECT session but this settings are not Working
>
> Post-Auth-Type REJECT {
> ...
> update control {
> Pool-Name := "mkt_pool"
> }
>
> update reply {
> Mikrotik-Rate-Limit := "2M/2M"
> Framed-IP-Address !* ANY
> }
None of that runs the IP pool module to assign IPs.
> Take a Look in my DEBUG output:
Yes!
> Ready to process requests
> ...
> (0) [sql] = notfound
That's the key. Note also that the user *isn't* being rejected. The user is unknown!
> How can I solve this?
In the "authorize" section, check for users who are not found:
authorize {
...
sql
if (notfound) {
... assign users from a different pool ...
accept # force authentication to succeed
}
...
}
That should work.
Alan DeKok.
More information about the Freeradius-Users
mailing list