[prev in list] [next in list] [prev in thread] [next in thread]
List: freeradius-users
Subject: Re: Proxy Radius - Deny user based on username preproxy
From: Alan DeKok <aland () deployingradius ! com>
Date: 2011-12-30 19:36:37
Message-ID: 4EFE12C5.6030007 () deployingradius ! com
[Download RAW message or body]
Nathan M wrote:
> I operate a proxy radius server which proxies requests downstream. A
> few particular usernames are repeating far more frequently than they
> should and I have no way to eliminate this upstream. I do need to
> authenticate the users though and not deny them. The goal would be to
> authenticate them at the proxy level so it does not send the request
> downstream at all.
>
> Ideally an entry something to the tune of:
> userx Cleartext-Password := "xxx"
> Session-Timeout = 604800,
> Idle-Timeout = 604800,
> Acct-Interim-Interval = 4084,
> Fall-Through = No
That should work.
> I've reviewed and done dozens of attempts using the preproxy_users,
> and users file (by trying with files above and below the suffix line
> in authorize{}); however, none of my attempts have been successful.
See the FAQ for "it doesn't work".
> The lines match when viewing debug; however, by entering anything
> other than Auth-Type := Reject within the users file, the
> authentication proceeds on it's merry way to the proxy process
> downstream.
>
> Any advice on a config which will accomplish this?
Read the debug output. It will tell you why it's being proxied.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic