We are getting unexpected behavior from FreeRADIUS 2.2.x (built from current git).
We want to check if a user is BLOCKED first, and only then do we want to perform some other checks. Our current config looks like this: authorize { #auth_log # uncomment for debugging # try to rewrite calling station ID to be sane rewrite_calling_station_id rewrite_username_lowercase # set VLANs for infected or tempsuspension roles IPSblocks_SQL { # handle failures notfound = 999 reject = 999 } switch reply:RU-block-description { case "infected" { if(Airespace-Wlan-Id){ update reply { Cisco-AVPair += "url-redirect=http://ruwireless.rutgers.edu/index.php?page=infected" Airespace-ACL-Name = "Cisco_infected" } } else { update reply { # try VLAN assignment Tunnel-Type := "VLAN" Tunnel-Medium-Type := "IEEE-802" Tunnel-Private-Group-Id := 1666 } } # force accept regardless of password update control { Auth-Type := "Accept" } ok } case "tempsus" { update reply { # try VLAN assignment Tunnel-Type := "VLAN" Tunnel-Medium-Type := "IEEE-802" Tunnel-Private-Group-Id := 1666 } # force accept regardless of password update control { Auth-Type := "Accept" } ok } # default is to do nothing } <BUNCH OF OTHER UNLANG CODE> The IPSblocks_SQL does set RU-block description correctly, and the case statement behaves as expected. We want to stop executing the <BUNCH OF UNLANG CODE> in the first two cases ("infected" and "tempsus"), effectively doing something like a return. I've read the documentation a hundred times and can't figure out how to do what I want - everything I've tried doesn't work. If someone could give me a simple hint to point me in the right direction it would be greatly appreciated. -- Bruce Bruce Bauman - Systems Administrator Rutgers University Office of Information Technology Campus Computing Services - Central Systems and Services Office ~ (848) 445-6363
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html