Paul Tinson wrote: > The issue is I want to do a realm based auth for one realm and return some > L2TP information. > So in proxy.conf I have added the realm, in users I have added a user like > this: realm and ip changed to protect the innocent > > DEFAULT Realm == "womble.co.nz", Auth-Type := Accept
That says "set Accept authentication during the authentication phase" ... > [files] users: Matched entry DEFAULT at line 87 > ++[files] returns ok > [sql] expand: %{Orcon-User-Name} -> That's what's supposed to happen. > I would have thought this configuration should result in the users file > being scanned and then returning Auth-Type: Accept and not then processing > the sql authorize module. No. > Have I missed something simple, or does this config look right. The configuration is wrong. Setting "Auth-Type = Accept" doesn't mean "stop authorization". It means "use Accept authentication" If you want to avoid processing the SQL module, use module-failover, or "unlang". See "man unlang" authorize { ... files { ok = return } sql ... } Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html