Want to silently discard the request if authentication module as web service client connecting to the web service server is down.

[Ankur G]

Hi

In FreeRadius 2.1.11, we have created a module name "ws" which authenticate
and authorize the user request through the web-service call, exposed as a
WSDL.

In the successful scenario when both Radius server and web service are up,
we are able to authenticate and authorize the user request and in the
failure scenario when both Radius server and web service are up, but the
user credential are not correct, radius server reject the request as
expected.

But If the exposed web-service is down, Radius server simply reject the
authentication request with the response message as "Access_Rejected".

We want Radius server instead of rejecting, simply discard the
authentication request which will allow the RADIUS *client* to failover to
another RADIUS server.

So while going through the FreeRadius configuration i came across the section
in sites-avaliable/default file under "post-auth" section which state that
"Access-Reject packets are sent through the REJECT sub-section of the
post-auth section." and is as follow:

Post-Auth-Type REJECT {
     # log failed authentications in SQL, too.
     #sql
    attr_filter.access_reject
}

If you think this is the right approach, could you please provide me the sample
code using which if i could check for the rlm status code and could silently
discard the responses other than the "RLM_MODULE_OK" and
"RLM_MODULE_REJECTED.



Thanks & Regards,

--Ankur
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20110809/62ac2075/attachment.html>