On 26 Sep 2011, at 17:27, andreapepa wrote:

> http://freeradius.1045715.n5.nabble.com/file/n4841780/putty4.log putty4.log
>
> In the attached file the complete log, didn't notice before that the
> process was so long..

A notfound return code in the authorize section means continue with a priority of 1. The EAP module runs after the SQL module and returns handled. A handled return code in the authorize section means return and so the notfound return code is never processed.

If you want the server to stop processing the request if the user isn't found in the SQL database, rewrite the notfound return code to reject.

    sql {
        notfound = reject
    }

Unfortunately there's no way to signal the EAP module to send an EAP fail, so you have to do it manually...

Add the following to policy.conf

    policy {
        eap_failure {
            if(EAP-Message =~ /^..([0-9a-f]{2})/i){
                update reply {
                    # EAP fail: Code 04, captured ID, Length 0004
                    EAP-Message := "0x04%{1}0004"
                }
            }
        }
        ...
    }

Then add a call in post-auth

    post-auth {
        post-auth-type REJECT {
            eap_failure
        }
    }

That rewrites the EAP message returned with the reject to be a 'fail' with the correct ID field value.

Extremely hacky, but it works, and is the only way to do it currently...

-Arran

Arran Cudbard-Bell
a.cudba...@freeradius.org

Betelwiki, Betelwiki, Betelwiki.... http://wiki.freeradius.org/ !
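
Added example, not part of the original message or of FreeRADIUS: a Python check of what the rewritten EAP-Message has to contain, using the EAP header layout from RFC 3748 (Code, Identifier, Length). The function names and the sample packet are constructed for illustration, and the whole EAP packet is assumed to sit in a single EAP-Message value.

```python
import struct

EAP_REQUEST, EAP_RESPONSE, EAP_SUCCESS, EAP_FAILURE = 1, 2, 3, 4


def parse_eap_header(hex_value):
    """Return (code, identifier, length) from a hex EAP-Message value."""
    text = hex_value[2:] if hex_value.lower().startswith("0x") else hex_value
    raw = bytes.fromhex(text)  # raises ValueError on malformed hex
    if len(raw) < 4:
        raise ValueError("EAP packet shorter than its 4-byte header")
    code, identifier, length = struct.unpack("!BBH", raw[:4])
    if length < 4 or length > len(raw):
        raise ValueError("EAP Length field does not fit the data")
    return code, identifier, length


def eap_failure_for(response_hex):
    """Build the EAP-Failure that answers the supplicant's EAP-Response."""
    code, identifier, _ = parse_eap_header(response_hex)
    if code != EAP_RESPONSE:
        raise ValueError("expected an EAP-Response from the supplicant")
    # A Failure carries no data: Code=4, same Identifier, Length=4.
    return "0x" + struct.pack("!BBH", EAP_FAILURE, identifier, 4).hex()


def reject_carries_valid_failure(response_hex, reply_hex):
    """True if the reject's EAP-Message is a Failure with the request's ID."""
    _, request_id, _ = parse_eap_header(response_hex)
    try:
        code, reply_id, length = parse_eap_header(reply_hex)
    except ValueError:
        return False
    return code == EAP_FAILURE and reply_id == request_id and length == 4


# Constructed sample: EAP-Response/Identity, Identifier 0x07, identity "bob".
SAMPLE_RESPONSE = "0x0207000801626f62"

if __name__ == "__main__":
    print(eap_failure_for(SAMPLE_RESPONSE))
```

Running `reject_carries_valid_failure` against the EAP-Message pair from a debug log of a rejected user confirms that the Identifier in the reject matches the one the supplicant sent.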