Problem with Cisco WLC probes in FR 2.2.1
Arran Cudbard-Bell
a.cudbardb at freeradius.org
Mon Oct 7 12:16:48 CEST 2013
On 7 Oct 2013, at 10:36, A.L.M.Buxey at lboro.ac.uk wrote:
> Hi,
>
>> We're finding these nuggets of code as we dig deeper into James's
>> legacy config. If the Access-Accept response is not required, then
>> presumably I can ditch that entire code block and let the
>> wisms-testing auth attempt go through the system as any other user.
>
> yes....but you'd be better off just sending an immediate Access-Reject
> or these probes go through your whole config and hit your backend authentication
> servers for no reason.
Well you want the probes to go through and hit your backed authentication servers,
and your databases, and any external resource.
In the event of a failure of any of those modules you want to not respond to the
WiSM.
In 3.0.0 a really easy way to check for that sort of thing is using the presence
of Module-Failure-Message, though you should be careful to clear it if you have
redundant sections, or alternative behaviour on module failure.
Previously Module-Failure-Message had to be set explicitly by the module, so wasn't
implemented by all modules. In 3.0.0 when standardising the logging macros and added
a call to set it on all request errors (RERROR, REDEBUG, REDEBUG2, REDEBUG3, REDEBUG4),
which most, if not all modules use to log errors.
-Arran
Arran Cudbard-Bell <a.cudbardb at freeradius.org>
FreeRADIUS Development Team
More information about the Freeradius-Users
mailing list