Ted Cabeen <[EMAIL PROTECTED]> wrote: > Right. But if you change the behavior of checkrad to always allow on > other, nothing happens because it's over-ridden in the code. If the > other nastype doesn't do anything, it either shouldn't be defined in > checkrad or there should be a comment there indicating that it never > gets run.
Ah, I see what you mean. > With "other" configured as it is, freeradius is a fail-deny system. > If the server can't confirm the login is duplicate, it rejects the > user, presuming the utmp file is correct. I want the opposite > behavior, where radius only denies a user when it's positively > confirmed that they're already logged in the maximum amount of times. > A config file option seems the best solution to me. So create a nas type of "fail-allow", and edit checkrad to always return 0 for that type. It should be ~3 lines of perl in checkrad, and because it isn't named "other", the server should call checkrad for it, and do what you want. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
