Duplicate "object" definition
Alex Zetaeffesse
fzetafs at gmail.com
Sun Nov 3 21:05:36 UTC 2024
Hi all,
I apologize if I don't use the right terminology.
I'm playing/testing with 3.2.6 to better understand how freeradius behaves
when finding duplicate definitions.
I created a copy of the filter policy, calling it policy.d/filter2 and I
defined the object/policy filter_username in this way:
filter_username {
if (&User-Name) {
reject
}
}
Now, when in the directory policy.d I only have the file filter2, I always
get the expected Access-Reject, if I just have the default file filter I
get Access-Accept (the user is correctly configured in the file users).
If I have both files (filter and filter 2), when I launch radiusd -X I get,
the file filter is loaded first and then the file filter2
...
*including configuration file /etc/freeradius/policy.d/filter <<<*including
configuration file /etc/freeradius/policy.d/operator-name
including configuration file /etc/freeradius/policy.d/eap
including configuration file /etc/freeradius/policy.d/debug
including configuration file /etc/freeradius/policy.d/accounting
*including configuration file /etc/freeradius/policy.d/filter2 <<<*
...
and I always get Access-Accept.
How are duplicate objects treated? Is the first definition that's retained
or the last? From my experiment it seems the first is retained.
May you please confirm?
Regards,
Alex
More information about the Freeradius-Users
mailing list