Changing the default behavior of commands can be done by
using the hash attribute request. There is a similar attribute for responses called response. These hashes are indexed by the type of the request/response. The possible values of these hashes are shown in the tables below. See Section 2.1, Policies for requests and responses for details.
| Action | Description |
|---|---|
| RADIUS_REQ_ACCEPT | Allow the request to pass. |
| RADIUS_REQ_REJECT | Block the request and report it to the client. |
| RADIUS_REQ_ABORT | Terminate the connection. |
| RADIUS_REQ_DROP | Block the request without further action. |
| RADIUS_REQ_POLICY | Call the function specified to make a decision about the event. See Section 2.1, Policies for requests and responses for details. |
Table 4.55. Action codes for RADIUS requests
| Action | Description |
|---|---|
| RADIUS_RSP_ACCEPT | Allow the response to pass. |
| RADIUS_RSP_REJECT | Block the response and report it to the client. |
| RADIUS_RSP_ABORT | Terminate the connection. |
| RADIUS_RSP_DROP | Block the response without further action. |
| RADIUS_RSP_POLICY | Call the function specified to make a decision about the event. See Section 2.1, Policies for requests and responses for details. |
Table 4.56. Action codes for RADIUS responses
Similar policies can be defined for RADIUS attributes. For easier use, predefined constants are available for the different attributes. The possible actions on the attributes are listed in the following table. The attribute constants are listed in Table A.3, RADIUS Protocol Attribute types described in RFC 2865. .
| Action | Description |
|---|---|
| RADIUS_ATR_ACCEPT | Allow the attribute to pass. |
| RADIUS_ATR_REJECT | Block the attribute and report it to the client. |
| RADIUS_ATR_ABORT | Terminate the connection. |
| RADIUS_ATR_DROP | Reject the entire message if it contains the specified attribute. |
| RADIUS_ATR_POLICY | Call the function specified to make a decision about the event. See Section 2.1, Policies for requests and responses for details. |
| RADIUS_ATR_ZERO |
An alias of RADIUS_ATR_DROP the action code.
|
| RADIUS_ATR_ACCEPT_MAXONE | The message can contain zero or one of the specified attribute. |
| RADIUS_ATR_ACCEPT_ONE | Accept exactly one attribute in the message. The message is rejected if it does not contain the specified attribute. This action can be used to check the existance of mandatory attributes. |
| RADIUS_ATR_DROP_ONE | Drop the attribute from the message; the message itself is not rejected. |
Table 4.57. Action codes for RADIUS attributes
Published on May 30, 2024
© BalaSys IT Ltd.
Send your comments to support@balasys.hu
