Post-Proxy Fail do_not_respond not working

Peter Lambrechtsen peter at crypt.co.nz
Tue Mar 1 22:37:18 CET 2016 

On Wed, Mar 2, 2016 at 4:03 AM, Alan DeKok <aland at deployingradius.com>
wrote:

> On Mar 1, 2016, at 5:14 AM, Peter Lambrechtsen <peter at crypt.co.nz> wrote:
> >
> > I found my last outstanding bug before I deploy my configuration and it's
> > got me stumped.
> >
> > When a Proxy server is down I would like to choose between sending a
> reject
> > or not sending a response at all.
> >
> > Is there a way that do_not_respond will be honored on 3.0.11 is a
> > post-proxy failure situation?
>
>   The internal checks for "do not respond" happen just before the response
> is sent.  They are entirely independent of proxying.
>
> > Marking home server 222.222.222.1 port 1812 as zombie (it has not
> responded
> > in 1.000000 seconds).
> > (0) ERROR: Failing proxied request for user "peter", due to lack of any
> > response from home server 222.222.222.1 port 1812
> > (0) Clearing existing &reply: attributes
> > (0) Found Post-Proxy-Type Fail-Authentication
> > (0) # Executing group from file ./sites-enabled/default
> > (0)   Post-Proxy-Type Fail-Authentication {
> > (0)     policy do_not_respond {
> > (0)       update control {
> > (0)         &Response-Packet-Type := Do-Not-Respond
>
>   That's good...
>
> > (0)       } # update control = noop
> > (0)       [handled] = handled
> > (0)     } # policy do_not_respond = handled
> > (0)   } # Post-Proxy-Type Fail-Authentication = handled
> > (0) There was no response configured: rejecting request
>
>   That's weird.  Look in src/main/process.c for that message.  5 lines
> above, it checks for the "do not respond" attribute.
>
>   i.e. the only way that message shows up is if there's no
> control:Response-Packet-Type.
>
>   I've pushed a fix.
>

Yep.. .That fixed it.

(1) No proxy response, giving up on request and marking it done
Marking home server 222.222.222.1 port 1645 as zombie (it has not responded
in 5.000000 seconds).
(1) ERROR: Failing proxied request for user "peter", due to lack of any
response from home server 222.222.222.1 port 1645
(1) Clearing existing &reply: attributes
(1) Found Post-Proxy-Type Fail-Authentication
(1) # Executing group from file ./sites-enabled/default
(1)   Post-Proxy-Type Fail-Authentication {
(1)     policy do_not_respond {
(1)       update control {
(1)         &Response-Packet-Type := Do-Not-Respond
(1)       } # update control = noop
(1)       [handled] = handled
(1)     } # policy do_not_respond = handled
(1)   } # Post-Proxy-Type Fail-Authentication = handled
(1) Not responding to request
(1) # Executing section post-auth from file ./sites-enabled/default
(1)   post-auth {
(1)   } # post-auth = ok
(1) Not sending reply to client.
(1) Finished request
Waking up in 3.9 seconds.
(1) No reply.  Ignoring retransmit

That was my last issue. Many thanks :)

More information about the Freeradius-Users mailing list