Check local before LDAP Authentication

Matteo Raffa matteo.raf at
Fri May 28 13:52:14 CEST 2021

I’ve found some old posts about this on the mailing list, but all of those were 10+ years old and using v1 or v2.

Further to that, I am using LDAP for authentication (Google doesn’t send passwords).

So, in my authorize {} I have set this before pap to set the proper auth method:

if (User-Password) {
    	update control {
        	Auth-Type := ldap

Now I believe that I should just need to add another condition to check for files module returning notfound code, so that it only sets ldap in case the user is not found in files, otherwise it will just go on to pap.

Something like 
if (User-Password && files == notfound) {...}

But I can’t find the correct way to do this check. What is the attribute name corresponding to “files module return code” that I should check?

I checked man unlang for that, but it only says that I can check for a module return code just after its execution.
It doesn’t tell anything about a variable storing each module’s return code.


More information about the Freeradius-Users mailing list