attribute checking in the session REJECT
Can Paçacı
pacaci at servisnet.com.tr
Wed Sep 10 10:01:48 UTC 2025
Hi,
In the authorize section, I check the username and password and print
the relevant Reply-Message as in the following. It works.
authorize {
    ..
    sql {
        notfound = 1
        reject = 2
    }
    if (notfound) {
        update reply { Reply-Message := "Please check your Username" }
        reject
    }
    if (reject) {
        update reply { Reply-Message := "%{reply:Reply-Message} Wrong Password" }
        reject
    }
    ..
}
Then, for those who are rejected, I check the NAS-Identifier in the
"Post-Auth-Type REJECT" section. If the NAS-Identifier is incompatible
according to the radcheck table, I print a "wrong NAS" message. OK so far.
However, if the NAS-Identifier is not in the radcheck table, the
NAS-Identifier should not be checked; if the password is incorrect, I want a
"wrong password" error. I couldn't do this.
Post-Auth-Type REJECT {
    ....
    if (&NAS-Identifier != "%{sql:SELECT value FROM radcheck WHERE Username = '%{User-Name}' and attribute='NAS-Identifier'}") {
        update reply {
            Reply-Message = "%{Reply-Message} Wrong NAS, NAS:%{NAS-Identifier}"
        }
    }
    update reply {
        Reply-Message = "%{reply:Reply-Message} Wrong Password."
        # Reply-Message := "Wrong Password.."
    }
    ..
}
Could you please help me fix it?
Regards
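
One way to express the rule described in the message above, as an added example that is not part of the original post or of the FreeRADIUS project's own configuration. It assumes FreeRADIUS 3.x unlang, an sql module instance named "sql", and the radcheck layout used in the poster's query; replacing the earlier Reply-Message instead of appending to it is also an assumption.

```unlang
Post-Auth-Type REJECT {
    # Count the radcheck rows that tie this user to a NAS-Identifier other
    # than the one in the request. COUNT(*) always returns exactly one row,
    # so the expansion is "0" both when the user has no NAS-Identifier row
    # at all and when the stored value matches the request.
    if ("%{sql:SELECT COUNT(*) FROM radcheck WHERE Username = '%{User-Name}' AND attribute = 'NAS-Identifier' AND value <> '%{NAS-Identifier}'}" != "0") {
        update reply {
            # ":=" replaces any Reply-Message set earlier in authorize.
            # "=" would leave an existing Reply-Message untouched.
            &Reply-Message := "Wrong NAS, NAS:%{NAS-Identifier}"
        }
    }
    else {
        # No NAS restriction for this user, or the NAS matched, so the
        # reject is reported as a password failure.
        update reply {
            &Reply-Message := "Wrong Password."
        }
    }
}
```

If the SQL expansion fails, the condition evaluates to false and the "Wrong Password." branch is used.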