attribute checking in the session REJECT

Alan DeKok alan.dekok at inkbridge.io
Wed Sep 10 17:38:31 UTC 2025


On Sep 10, 2025, at 6:01 AM, Can Paçacı <pacaci at servisnet.com.tr> wrote:
> In the authorize section, I check the username and password and print the relevant Reply-Message as in the following. It works.

  That's not really what you want to do.  The SQL module will never return "reject" in the "authorize" section.

  This should work better:

authorize {
    ..
    sql
    if (notfound) {
        update reply {
            Reply-Message := "Please check your Username"
        }
        reject
    }
    ..
}

> Then, for those who reject, I check the NAS-Identifier in the "Post-Auth-Type REJECT" section. If the NAS-Identifier is incompatible according to the radcheck table, I print a "wrong NAS" message. OK so far.
> 
> However, if the NAS-Identifier is not in the radcheck table, the NAS-Identifier should not be checked; if the password is incorrect, I want a "wrong password" error. I couldn't do this.

  I'm not sure what that means.

  Write out what you want as complete sentences.  You should be able to then convert it to unlang fairly easily.

  Alan DeKok.


