Respond with access-accept when password incorrect

Matthew Newton mcn at freeradius.org
Thu Feb 9 09:55:42 UTC 2023



On 09/02/2023 08:25, Steven Walters wrote:
> I just would like to understand why (purpose) one needs to set 'reject=1'?
> If I remove the statement the policy doesn't work.

The default action for "reject" is to immediately return. So, if the pap 
module returns "reject", processing of the Auth-Type PAP section stops 
at that point.

Updating the "reject" action to priority 1 means that it no longer 
returns, but returns the "reject" result code. The following "if" can 
then check the code that was returned and do something.

It's explained at https://wiki.freeradius.org/config/Fail%20over

-- 
Matthew


More information about the Freeradius-Users mailing list