<br><br><div class="gmail_quote">On Thu, Mar 12, 2009 at 4:33 PM, <span dir="ltr"><<a href="mailto:tnt@kalik.net">tnt@kalik.net</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<div class="im">>I've set up a 2.1.4 server, and working pretty well with authentication<br>
>against LDAP alone. What I've noticed though is that if the LDAP server is<br>
>down on the same box then the LDAP module, rightfully, fails. However whilst<br>
>this leaves the service unable to authenticate the user, it still replies<br>
>back with a REJECT packet to the client. As such the client switch / router<br>
>whatever, doesn't try the next server in it's config, as it's had a valid<br>
>RADIUS response.<br>
><br>
>Is there any way to force a logic whereby if the ldap module fails, it would<br>
>drop the RADIUS request on the floor, to make it look like a service failure<br>
>to the client?<br>
<br>
</div>Read the list. There is another thread about the same "problem". Only<br>
about unreachable sql servers.<br>
<br>
Ivan Kalik<br>
Kalik Informatika ISP</blockquote><div><br>Quite a coincidence, I was looking at the weekend and could find nothing.<br><br>I'll try having a go at the example in the sql thread: <br><br><pre>authorize {<br> ...<br>
redundant_sql<br> if (fail) {<br> update control {<br> # Do-Not-Respond <br> Response-Packet-Type = 256<br> }<br> reject<br>
}<br> elsif (notfound) {<br> reject<br> }<br>}<br></pre></div></div>And respond back one way or another.<br><br>Thanks<br><br>Chris<br>