I've semi-sorted it by setting a Reply-Message and then using Unlang to look up that message. A bit ugly, but it works.
In my post-auth section I have:

files
if ("%{reply:Reply-Message}" == "Reject") {
        reject
}

And in the postauth_users I have:

DEFAULT Auth-Type := Reject
        Reply-Message = "Reject"

Which gives me this in the trace:

++[files] returns ok
++? if ("%{reply:Reply-Message}" == "Reject")
        expand: %{reply:Reply-Message} -> Reject
? Evaluating ("%{reply:Reply-Message}" == "Reject") -> TRUE
++? if ("%{reply:Reply-Message}" == "Reject") -> TRUE
++- entering if ("%{reply:Reply-Message}" == "Reject") {...}
+++[reject] returns reject
++- if ("%{reply:Reply-Message}" == "Reject") returns reject
Using Post-Auth-Type Reject
+- entering group REJECT {...}
++[reject] returns reject
Sending Access-Reject of id 76 to 192.168.143.72 port 2747
        Reply-Message = "Reject"

On Mon, Aug 9, 2010 at 3:36 PM, Peter Lambrechtsen <plambrecht...@gmail.com> wrote:

> Using FreeRadius 2.1.7 and trying to get the postauth_users to return an
> access reject however it always seems to return either a noop or ok.
>
> This is what I get in my radiusd -X trace:
>
> [files] postauth_users: Matched entry DEFAULT at line 30
> ++[files] returns ok
> Sending Access-Accept of id 53 to 192.168.143.72 port 2503
>         Reply-Message = "Your account has been disabled."
>
> And this is what is in my postauth_users file:
>
> DEFAULT Auth-Type := REJECT
>         Post-Auth-Type = Reject,
>         Reply-Message = "Your account has been disabled."
>
> Checking the rlm_files.c it seems that either ok or noop are the two
> options returned:
>
> /*
>  * See if we succeeded.
>  */
> if (!found)
>         return RLM_MODULE_NOOP; /* on to the next module */
>
> return RLM_MODULE_OK;
>
> Ideally I would assume if the Auth-Type := Reject then the return should be
> "RLM_MODULE_REJECT".
>
> Since otherwise I think I will need to lookup if the Reply-Message is set
> to disabled, and then do a reject.
>
> I'm no C developer hence why I am not offering up a patch, but I might try
> and see how difficult it would be.
>
> Cheers
>
> Peter
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
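
Added example, not part of the original thread or of FreeRADIUS: a small Python check that scans `radiusd -X` output for the failure mode described above, an Access-Accept sent with a Reply-Message that reads like a denial. The sample trace is constructed from the two traces in the thread; the indented attribute layout, the `DENY_RE` wording list and all function names are assumptions.

```python
import re

# Constructed sample of `radiusd -X` output, modelled on the two traces in the thread.
SAMPLE_TRACE = """\
[files] postauth_users: Matched entry DEFAULT at line 30
++[files] returns ok
Sending Access-Accept of id 53 to 192.168.143.72 port 2503
        Reply-Message = "Your account has been disabled."
++[files] returns ok
+++[reject] returns reject
Using Post-Auth-Type Reject
Sending Access-Reject of id 76 to 192.168.143.72 port 2747
        Reply-Message = "Reject"
"""

SEND_RE = re.compile(r"^Sending (Access-\w+) of id (\d+) to (\S+) port (\d+)")
ATTR_RE = re.compile(r'^\s+([\w-]+)\s*=\s*"?(.*?)"?\s*$')
# Assumed wording that marks a reply as a denial; adjust to the messages used locally.
DENY_RE = re.compile(r"disabled|reject|denied", re.IGNORECASE)


def parse_replies(trace):
    """Return one dict per 'Sending ...' packet with its reply attributes."""
    packets, current = [], None
    for line in trace.splitlines():
        m = SEND_RE.match(line)
        if m:
            current = {"code": m.group(1), "id": int(m.group(2)),
                       "nas": m.group(3), "attrs": {}}
            packets.append(current)
            continue
        a = ATTR_RE.match(line)
        if current is not None and a:
            current["attrs"][a.group(1)] = a.group(2)
        else:
            current = None  # any other line ends the attribute list
    return packets


def accepted_with_denial(trace):
    """Access-Accept packets whose Reply-Message reads like a denial."""
    return [p for p in parse_replies(trace)
            if p["code"] == "Access-Accept"
            and DENY_RE.search(p["attrs"].get("Reply-Message", ""))]


if __name__ == "__main__":
    for p in accepted_with_denial(SAMPLE_TRACE):
        print(f"id {p['id']} to {p['nas']}: accepted with {p['attrs']['Reply-Message']!r}")
```

On the constructed sample only the first packet (id 53) is flagged; the Access-Reject produced by the Unlang workaround is not.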