Markus Krause wrote:
>
> but what if the Auth-Type is not set, for example in a perl module
> (btw. how can i set the auth-type? that would solve my problem here!).
> example:
> we (will) have a wlan which can be used by all our users known in ldap
> and we have additional accounts saved in sql, which can be given to
> guests by our departments and research groups, these accounts are then
> valid for a fixed (preset) number of days since their first usage. to
> check this i wrote a small perl script which works. so for
> authorization i use in radiusd.conf:
I'm obviously not understanding what you're trying to do.

Auth-Type is meant solely to be a key that indicates to the server which module to call in the "authenticate" section to execute the authentication *algorithm*. The reason setting Auth-Type is so bad is that it breaks the ability for the server to correctly detect the algorithm and people don't understand why.

Disabling an account is not part of the authentication algorithm, and should happen in the authorize section (ideally by setting the Expiration attribute built into FreeRadius, but there are cases where that's not applicable).

I assume you're using the "mpi-sta" module to do something like:

    if not USERNAME in firstseen:
        firstseen[USERNAME] = now
    else:
        if now - firstseen[USERNAME] > VALIDTIME:
            return reject

In which case they'll just get rejected during authorize and the mpi-sta module doesn't need to (and SHOULD NOT) appear in the authenticate section.

>
> ----- part of radiusd.conf
> authorization {
>   Autz-Type WLAN {
>     group {
>       mpi-sta {
>         ok = return
>       }
>       redundant {
>         LdapUser1
>         LdapUser2
>       }
>     }
>   }
> }
>
> authentication {
>   Auth-Type WLAN {
>     mpi-sta {
>       notfound = 1
>     }
>     redundant {
>       LdapUser1
>       LdapUser2
>     }
>   }
> }
> ----
>
> the Auth-Type is set in users according to the huntgroup of the wlan-switch as
> the perl script does not set auth-type (because i did not find any
> documentation on how to set it) so i had to force auth-type to WLAN,
> now it works.

It seems a very complicated way of doing something very simple - I assume I am misunderstanding you.
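
Added example, not part of the original message and not code from either poster or from FreeRADIUS: a sketch of the first-use expiry check written as an rlm_perl `authorize` function, so the decision is made in authorize and Auth-Type is never touched. Assumptions: the `%firstseen` hash stands in for the SQL guest table, the 7-day validity period and all usernames are constructed, and the loop at the bottom exists only so the script runs outside the server.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Return codes as defined in the example.pl shipped with rlm_perl.
use constant {
    RLM_MODULE_REJECT => 0,
    RLM_MODULE_OK     => 2,
    RLM_MODULE_NOOP   => 7,
};

# FreeRADIUS fills these hashes when the script runs under rlm_perl.
our (%RAD_REQUEST, %RAD_REPLY, %RAD_CHECK);

my $VALIDTIME = 7 * 24 * 3600;    # assumed validity period: 7 days

# Constructed stand-in for the SQL guest table: username => first-use epoch
# (undef = account issued but never used).
my %firstseen = (
    'guest-new' => undef,
    'guest-old' => time() - 30 * 24 * 3600,
);

sub authorize {
    my $user = $RAD_REQUEST{'User-Name'};
    return RLM_MODULE_NOOP unless defined $user;

    # Not a guest account: return noop so the modules listed after this
    # one in authorize (LDAP in the setup above) make the decision.
    return RLM_MODULE_NOOP unless exists $firstseen{$user};

    my $now = time();
    $firstseen{$user} //= $now;    # first usage starts the clock

    if ($now - $firstseen{$user} > $VALIDTIME) {
        $RAD_REPLY{'Reply-Message'} = 'Guest account expired';
        return RLM_MODULE_REJECT;  # rejected during authorize
    }
    # Still valid. Auth-Type is left alone; the server detects the
    # authentication algorithm itself.
    return RLM_MODULE_OK;
}

# Stand-alone run over constructed requests; remove when loading in the server.
for my $u ('guest-new', 'guest-old', 'ldap-user') {
    %RAD_REQUEST = ('User-Name' => $u);
    %RAD_REPLY   = ();
    printf "%-10s -> %d\n", $u, authorize();
}
```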