1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
|
.\" # DS - begin display
.de DS
.RS
.nf
.sp
..
.\" # DE - end display
.de DE
.fi
.RE
.sp
..
.TH rlm_always 5 "10 January 2015" "" "FreeRADIUS Module"
.SH NAME
rlm_always \- FreeRADIUS Module
.SH DESCRIPTION
The \fIrlm_always\fP module provides a simple way to "always" return a
value during the processing of a configuration section.
.PP
The main configuration item is \fIrcode\fP, which sets the return code that
this instantiation of the module will return. The default, if none
specified, is 'fail'.
.PP
The valid options for rcode are as follows:
.RS
.TP
reject
reject the user;
.IP fail
a failure has occurred;
.IP ok
success;
.IP handled
the request has been handled: processing should be stopped and the response
sent;
.IP invalid
request is invalid;
.IP userlock
the user account has been locked out;
.IP notfound
the user account cannot be found;
.IP noop
no-op: nothing has happened;
.IP updated
the request has been updated.
.RE
.SH CONFIGURATION
.PP
.IP "rcode = <code>"
This module will always return with the code specified, as listed in the
table above. If unspecified, the default is 'fail'.
.IP "simulcount = <n>"
If this module is used in the session{} section, the simulcount option
simulates the user having 'n' current sessions. The default is to not
override the number of sessions.
.IP "mpp = <yes|no>"
If set to yes, and this module is used in the session{} section, this
simulates the user having multilink sessions. The default is 'no'.
.PP
.SH EXAMPLE
.PP
.DS
modules {
...
.br
# instantiate the "always" module with the name "ok"
.br
always ok {
.br
# return code for this instantiation is "ok":
.br
rcode = ok
.br
}
.br
...
.br
}
.br
.br
authorize {
...
.br
redundant {
sql1 # try to find the user in sql1
.br
sql2 # try to find the user in sql2
.br
# the default here would be to fail, but...
.br
ok # if still not found, it's OK.
.br
}
...
.br
}
.DE
.SH SECTIONS
.BR authorization,
.BR authentication,
.BR postauthentication,
.BR preaccounting,
.BR accounting,
.BR preproxy,
.BR postproxy
.PP
.SH FILES
.I /etc/raddb/mods-available/always
.PP
.SH "SEE ALSO"
.BR radiusd (8),
.BR radiusd.conf (5),
.BR unlang (5)
.PP
Further details of how module return codes operate can be found at <http://wiki.freeradius.org/config/Fail-over>.
.SH AUTHOR
Chris Parker <cparker@segv.org>, Matthew Newton
<matthew@newtoncomputing.co.uk>.
|