Respond with access-accept when password incorrect
Matthew Newton
mcn at freeradius.org
Thu Feb 9 09:55:42 UTC 2023
On 09/02/2023 08:25, Steven Walters wrote:
> I just would like to understand why (purpose) one needs to set 'reject=1'?
> If I remove the statement the policy doesn't work.
The default action for "reject" is to immediately return. So, if the pap
module returns "reject", processing of the Auth-Type PAP section stops
at that point.
Updating the "reject" action to priority 1 means that it no longer
returns, but returns the "reject" result code. The following "if" can
then check the code that was returned and do something.
It's explained at https://wiki.freeradius.org/config/Fail%20over
--
Matthew
More information about the Freeradius-Users
mailing list