Overriding proxy response

Alan DeKok aland at deployingradius.com
Thu Sep 10 12:00:28 CEST 2009


John Morrissey wrote:
> I would like to override failed (rejected, timed out) proxy responses with
> local authentication data. IOW, if the proxy request fails, I want to
> process the request locally.

  That can't really be done with the current server.  You will need to
hack the source code to get this done.

> It looks like the proxy reply trumps local authorization/authentication, and
> I can't find a way to override the proxy's response code.

  Yes.  There is usually ONE source for authentication.  Turning a
reject into an accept is a *very* unusual practice.

> If this was the opposite way (don't proxy for accounts that exist locally),
> it seems I could remove Proxy-To-Realm to prevent proxying.
> 
> Is there a way to do the opposite (perform proxying and override the proxy's
> response with local auth)?

  No.

  Alan DeKok.



More information about the Freeradius-Users mailing list