Dropping requests when no authentication possible

Chris Phillips chris at untrepid.com
Fri Mar 13 14:37:52 CET 2009


>
> > Fri Mar 13 09:57:22 2009 : Info: No authenticate method (Auth-Type)
> > configuration found for the request: Rejecting the user
>
>   Ok.  Change the "update" block to:
>
>        update control {
>                Response-Packet-Type = Do-Not-Respond
>                 Auth-Type := Accept
>        }
>
>  I think that will finally work.
>
>  But if the client re-transmits... the server will respond with a
> packet of code 0.  I've fixed that in git.  (Give me a bit to push the
> change publicly).  So you'll still need to update in order to have this
> perfect.
>
>  Alan DeKok.
>

We're close, I can really feel it, but that packet is still hitting the
wire.

Fri Mar 13 13:26:01 2009 : Error: rlm_ldap: (re)connection attempt failed
Fri Mar 13 13:26:01 2009 : Info: [ldap] search failed
Fri Mar 13 13:26:01 2009 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0

Fri Mar 13 13:26:01 2009 : Info: +++[ldap] returns fail
Fri Mar 13 13:26:01 2009 : Info: +++- entering group  {...}
Fri Mar 13 13:26:01 2009 : Info: ++++[control] returns fail
Fri Mar 13 13:26:01 2009 : Info: ++++[ok] returns ok
Fri Mar 13 13:26:01 2009 : Info: +++- group  returns ok
Fri Mar 13 13:26:01 2009 : Info: ++- policy redundant returns ok
Fri Mar 13 13:26:01 2009 : Info: Found Auth-Type = Accept
Fri Mar 13 13:26:01 2009 : Info: Auth-Type = Accept, accepting the user
Fri Mar 13 13:26:01 2009 : Auth: Login OK: [fbloggs] (from client my-switch
port 0 cli 10.10.10.10)
Fri Mar 13 13:26:01 2009 : Info: +- entering group post-auth {...}
Fri Mar 13 13:26:01 2009 : Info: ++[exec] returns noop
Sending Access-Accept of id 242 to 10.20.30.40 port 32771


authorize {
       preprocess
       auth_log
       chap
       mschap
       files
       redundant {
               ldap
               group {
                        update control {
                                Response-Packet-Type := Do-Not-Respond
                                Auth-Type := Accept
                        }
                        ok
                }
        }
}

Thanks

Chris
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20090313/cf4d66bb/attachment.html>


More information about the Freeradius-Users mailing list