Peter Lambrechtsen wrote: > Using FreeRadius 2.1.7 and trying to get the postauth_users to return an > access reject however it always seems to return either a noop or ok. .. > And this is what is in my postauth_users file: > > DEFAULT Auth-Type := REJECT > Post-Auth-Type = Reject,
Hmm... you are trying to change the *authentication* type to reject after the *authenticate* section has been executed. This won't work. > Ideally I would assume if the Auth-Type := Reject then the return should > be "RLM_MODULE_REJECT". No. Setting "Auth-Type := Reject" is useful ONLY in the "authorize" section, *before* the "authentication" section has been run. It doesn't reject the user immediately. Instead, it tells the server to run the "reject" authentication method. > Since otherwise I think I will need to lookup if the Reply-Message is > set to disabled, and then do a reject. No. If you want the post-auth section to return "reject", just put "reject" into the list of modules to be run: post-auth { ... reject ... } See "man unlang" for details. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html