Dropping requests when no authentication possible

tnt at kalik.net
Fri Mar 13 11:38:59 CET 2009


>Thanks Alan, here's where I've ended up so far...
>
>Fri Mar 13 09:57:22 2009 : Error: rlm_ldap: (re)connection attempt failed
>Fri Mar 13 09:57:22 2009 : Info: [ldap] search failed
>Fri Mar 13 09:57:22 2009 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
>
>Fri Mar 13 09:57:22 2009 : Info: +++[ldap] returns fail
>Fri Mar 13 09:57:22 2009 : Info: +++- entering group  {...}
>Fri Mar 13 09:57:22 2009 : Info: ++++[control] returns fail
>Fri Mar 13 09:57:22 2009 : Info: ++++[ok] returns ok
>Fri Mar 13 09:57:22 2009 : Info: +++- group  returns ok

That sets Do-Not-Respond ...

>Fri Mar 13 09:57:22 2009 : Info: ++- policy redundant returns ok
>Fri Mar 13 09:57:22 2009 : Info: No authenticate method (Auth-Type)
>configuration found for the request: Rejecting the user

.. but that puts it to Access-Reject.

>From this code...
>
>authorize {
>        preprocess
>        auth_log
>        chap
>        mschap
>        files
>        redundant {
>                ldap
>                group {
>                        update control {
>                                Response-Packet-Type = Do-Not-Respond


Try changing that to Tmp-String-0 := "silent"

>                        }
>                        ok
>                }
>        }
>}
>

And then add to Post-Auth-Type REJECT:

if(control:Tmp-String-0 == "silent") {
     update control {
          Response-Packet-Type := 256
     }
}

Ivan Kalik
Kalik Informatika ISP



