On Mon, 17 Jan 2005, Robert Tarrall wrote:

HOWEVER - we're now accepting everyone, even when the authorize
module returns notfound.  That's not what we want.

From radiusd.conf:

        authorize {
                preprocess
                suffix
                autztype ecentralldap {
                        ecentralldap
                }
                autztype exampleldap {
                        exampleldap
                }
                files
        }

        authenticate {
        }

From users:
DEFAULT Realm == "ecentral.com", Autz-Type := ecentralldap, Auth-Type := Accept
       Fall-Through = Yes

DEFAULT Realm == "example.com", Autz-Type := exampleldap, Auth-Type := Accept
       Fall-Through = Yes

And from the log:

 modcall[authorize]: module "ecentralldap" returns notfound
 modcall: group autztype returns notfound
 rad_check_password:  Found Auth-Type Accept
 rad_check_password: Auth-Type = Accept, accepting the user

Is there a way to ensure that Auth-Type is set to 'Accept' ONLY if
authorize returns 'ok'?  Or some other way of accomplishing what I'm
after?

In recent freeradius versions you can use:

        autztype ecentralldap {
                ecentralldap{
                        notfound = reject
                }
        }

--
Kostas Kalevras         Network Operations Center
[EMAIL PROTECTED]       National Technical University of Athens, Greece
Work Phone:             +30 210 7721861
'Go back to the shadow' Gandalf

- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
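
A log check for the behaviour reported in this thread, as an added example that is not part of either message and is not FreeRADIUS code: it scans debug output for an "Auth-Type = Accept" decision that follows a notfound from an LDAP authorize module in the same request. The function name, the sample log and the "rad_recv:" request-boundary line are assumptions; the other line formats are the ones quoted above.

```python
import re

# Patterns for the debug-log lines quoted in the thread above.
MODULE_RE = re.compile(r'modcall\[authorize\]: module "([^"]+)" returns (\w+)')
ACCEPT_RE = re.compile(r'rad_check_password:\s+Auth-Type = Accept, accepting the user')
# Assumption: each request's debug output starts with a "rad_recv:" line.
BOUNDARY_RE = re.compile(r'^\s*rad_recv:')


def find_unbacked_accepts(lines, directory_modules):
    """Return (line_no, module) for each accept that followed a 'notfound'
    from one of directory_modules within the same request."""
    findings = []
    missed = None  # directory module that returned notfound in this request
    for line_no, line in enumerate(lines, start=1):
        if BOUNDARY_RE.search(line):
            missed = None  # new request: forget earlier results
            continue
        m = MODULE_RE.search(line)
        if m and m.group(1) in directory_modules:
            # Any other result from a directory module clears the flag.
            missed = m.group(1) if m.group(2) == "notfound" else None
            continue
        if ACCEPT_RE.search(line):
            if missed is not None:
                findings.append((line_no, missed))
            missed = None
    return findings


# Constructed sample: request 1 reuses the lines from the thread,
# request 2 is a constructed case where the LDAP lookup succeeds.
SAMPLE_LOG = """\
rad_recv: Access-Request packet (constructed boundary line)
 modcall[authorize]: module "ecentralldap" returns notfound
 modcall: group autztype returns notfound
 rad_check_password:  Found Auth-Type Accept
 rad_check_password: Auth-Type = Accept, accepting the user
rad_recv: Access-Request packet (constructed boundary line)
 modcall[authorize]: module "exampleldap" returns ok
 modcall: group autztype returns ok
 rad_check_password:  Found Auth-Type Accept
 rad_check_password: Auth-Type = Accept, accepting the user
""".splitlines()

if __name__ == "__main__":
    for line_no, module in find_unbacked_accepts(SAMPLE_LOG, {"ecentralldap", "exampleldap"}):
        print(f"line {line_no}: accepted although {module} returned notfound")
```

Run against debug output captured after adding "notfound = reject", the check should return no findings for the listed modules.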
