[prev in list] [next in list] [prev in thread] [next in thread] 

List:       freeradius-users
Subject:    Re: Respond with access-accept when password incorrect
From:       Matthew Newton via Freeradius-Users <freeradius-users () lists ! freeradius ! org>
Date:       2023-02-09 9:55:42
Message-ID: 9faf1939-f19f-100a-3427-7ca1e5d25463 () freeradius ! org
[Download RAW message or body]



On 09/02/2023 08:25, Steven Walters wrote:
> I just would like to understand why (purpose) one needs to set 'reject=1'?
> If I remove the statement the policy doesn't work.

The default action for "reject" is to immediately return. So, if the pap 
module returns "reject", processing of the Auth-Type PAP section stops 
at that point.

Updating the "reject" action to priority 1 means that it no longer 
returns, but returns the "reject" result code. The following "if" can 
then check the code that was returned and do something.

It's explained at https://wiki.freeradius.org/config/Fail%20over

-- 
Matthew
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
[prev in list] [next in list] [prev in thread] [next in thread]