[prev in list] [next in list] [prev in thread] [next in thread]
List: freeradius-users
Subject: Re: How to Terminate inner-tunnel Execution after Reject?
From: Alan DeKok <aland () deployingradius ! com>
Date: 2020-11-28 15:34:29
Message-ID: BEA19F47-0074-40C1-A611-B23CEF6D8B45 () deployingradius ! com
[Download RAW message or body]
On Nov 28, 2020, at 12:23 AM, Mike Ruebner <freeradius@machichemicals.com> wrote:
>
> I am rejecting PEAP requests from specific AVPs in my inner-tunnel 'authorize' \
> section. That's pretty much it, but those rejects still hit 'post-auth', where I \
> have to specifically exclude them from a lockout counter. Is there a way to, for \
> lack of better words, gracefully 'exit' inner-tunnel from my PEAP-reject module? \
> Meaning, no execution of sections further down the food chain (ie., authenticate, \
> post-auth).
There's no way to stop that state machine. But, once you reject a user, it skips \
the "authenticate" section. And, runs the "Post-Auth-Type Reject" sub-section of \
"post-auth".
You might need to upgrade. In some older versions it didn't run "Post-Auth-Type \
Reject" in the inner tunnel.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic