logica de aprobacion ejecutandose, no se evalua siempre

2025-09-26 14:53:08 -06:00
parent 142b683357
commit d748b6020e
2 changed files with 19 additions and 1 deletions
--- a/freeradius/sites-enabled/inner-tunnel
+++ b/freeradius/sites-enabled/inner-tunnel
@@ -8,6 +8,10 @@ server inner-tunnel {
    authorize {
        # Cargar credenciales/atributos del usuario desde SQL
        sql
+        # Si está deshabilitado en SQL, rechazar antes de EAP
+        if ("%{sql:SELECT COUNT(*) FROM radcheck WHERE username='%{User-Name}' AND attribute='Auth-Type' AND value='Reject'}" != "0") {
+            reject
+        }
        # En caso de que el módulo SQL no haya poblado Cleartext-Password, obténlo vía xlat
        update control {
            Cleartext-Password := "%{sql:SELECT value FROM radcheck WHERE username='%{User-Name}' AND attribute='Cleartext-Password' ORDER BY id DESC LIMIT 1}"
@@ -32,6 +36,9 @@ server inner-tunnel {
        Auth-Type MS-CHAP {
            mschap
        }
+        Auth-Type Reject {
+            reject
+        }
    }

    post-auth {