Hello Paul -
On Wed, 15 Sep 1999, Paul van der Zwan wrote:
> I will need to implement some policies on a radiator server which will
> require rejecting the session even tho the user would be a valid user, i.e.
> rejecting a certain user but only if the caller-id is blank.
>
> The most suitable way I could think of is in a PreAuthHook.
> But I haven't been able to find docs on how to reject directly from
> the PreAuthHook and avoid any further processing like ldap lookups.
>
You could also do something like this:
# Set up a Handler to match on blank Calling-Station-Id
<Handler Calling-Station-Id = "">
<AuthBy FILE>
Filename %D/reject.users
</AuthBy>
</Handler>
and in the file reject.users:
# This DEFAULT entry will cause all users to be Rejected
DEFAULT Auth-Type = Reject
Note that the order of execution of Handlers is important, and that you should
not mix Realms and Handlers in the same configuration file. In other words, if
you are already using Realms, you should change them to Handlers. And the order
of execution of Handlers is in the order in which they appear in the
configuration file, therefore the more restrictive Handlers should appear
before the more general ones.
hth
Hugh
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
