Dropping requests when no authentication possible

Chris Phillips chris at untrepid.com
Sun Mar 15 10:17:32 CET 2009


On Sat, Mar 14, 2009 at 8:08 AM, Alan DeKok <aland at deployingradius.com>wrote:

> Chris Phillips wrote:
> > Thanks, frustrating this, maybe I'll need to revert to ideas about a
> > cron job to do some housekeeping checks...
>
>   One more thought:
>
> authorize {
>        ...
>        redundant {
>                redundant {
>                        ldap1
>                        ldap2
>                }
>
>                 group {
>                        update control {
>                                Response-Packet-Type = Do-Not-Respond
>                        }
>
>                         handled  # i.e. not "ok"
>                }
>        }
>        ...
> }
>
>  The "handled" return code says "stop processing right now..."
>

Yahooooooo! that's the one! Debug instantly said that it will stop
processing the request and no response is to be sent. Brilliant.


>
> > Is there an angle to filter out the Access-Type field in the packet that
> > gets sent back? Would a useless packet have the same effect as no packet
> > at all?
>
>   What's Access-Type?


It's me not remembering RADIUS correctly. I just wondered if it was possible
to send a packet back that was not an accept, reject or anything useful at
all. Irrelevant now anyway, thanks for your help.

Chris
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20090315/2effdf40/attachment.html>


More information about the Freeradius-Users mailing list