Dropping requests when no authentication possible

tnt at kalik.net tnt at kalik.net
Thu Mar 12 17:33:23 CET 2009


>I've set up a 2.1.4 server, and working pretty well with authentication
>against LDAP alone. What I've noticed though is that if the LDAP server is
>down on the same box then the LDAP module, rightfully, fails. However whilst
>this leaves the service unable to authenticate the user, it still replies
>back with a REJECT packet to the client. As such the client switch / router
>whatever, doesn't try the next server in it's config, as it's had a valid
>RADIUS response.
>
>Is there any way to force a logic whereby if the ldap module fails, it would
>drop the RADIUS request on the floor, to make it look like a service failure
>to the client?

Read the list. There is another thread about the same "problem". Only
about unreachable sql servers.

Ivan Kalik
Kalik Informatika ISP




More information about the Freeradius-Users mailing list