Jason Antman wrote: > I'm running FreeRADIUS 2.1.7 on CentOS 5, and trying to configure MAC > Auth Bypass. I got everything functioning correctly using the Mac-Auth > Wiki page as a guide, including placement of the actual CSID > authentication code in the post-auth section. However, I just enabled > SQL in the post-auth section, and everything is getting logged to SQL > with reply Access-Accept, even if it matched the "reject" statement.
I don't see how that is possible. Are you sure you know what it's doing? Have you run the server in debugging mode? > It seems to me that it's pretty logical that post-auth would be entered > with Auth-Type == Access-Accept, the SQL log would happen, and *then* > the "reject" statement would get executed That makes no sense. "If it's accept, it runs reject" ? >. What I don't understand is > why I shouldn't move the actual authentication > (authorized_macs.authorize) to the auth { } section, or else how I go > about logging rejected requests. I have no idea what that means. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html