[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freeradius-users
Subject:    Re: How to Terminate inner-tunnel Execution after Reject?
From:       Alan DeKok <aland () deployingradius ! com>
Date:       2020-11-28 15:34:29
Message-ID: BEA19F47-0074-40C1-A611-B23CEF6D8B45 () deployingradius ! com
[Download RAW message or body]

On Nov 28, 2020, at 12:23 AM, Mike Ruebner <freeradius@machichemicals.com> wrote:
> 
> I am rejecting PEAP requests from specific AVPs in my inner-tunnel 'authorize' \
> section. That's pretty much it, but those rejects still hit 'post-auth', where I \
> have to specifically exclude them from a lockout counter. Is there a way to, for \
> lack of better words, gracefully 'exit' inner-tunnel from my PEAP-reject module? \
> Meaning, no execution of sections further down the food chain (ie., authenticate, \
> post-auth).

  There's no way to stop that state machine.  But, once you reject a user, it skips \
the "authenticate" section. And, runs the "Post-Auth-Type Reject" sub-section of \
"post-auth".

  You might need to upgrade.  In some older versions it didn't run "Post-Auth-Type \
Reject" in the inner tunnel.

  Alan DeKok.


-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html


[prev in list] [next in list] [prev in thread] [next in thread]