Hi <div><br></div><div>In FreeRadius 2.1.11, we have created a module name "ws" which authenticate and authorize the user request through the web-service call, exposed as a WSDL.</div><div><br></div><div>In the successful scenario when both Radius server and web service are up, we are able to authenticate and authorize the user request and in the failure scenario when both Radius server and web service are up, but the user credential are not correct, radius server reject the request as expected. </div>
<div><br></div><div>But If the exposed web-service is down, Radius server simply reject the authentication request with the response message as "Access_Rejected".</div>
<div><br></div><div>We want Radius server instead of rejecting, simply discard the authentication request which<span style="font-family:arial, FreeSans, Helvetica, sans-serif;font-size:14px;line-height:20px"> will allow the RADIUS <b style="font-weight:bold">client</b></span><span style="font-family:arial, FreeSans, Helvetica, sans-serif;font-size:14px;line-height:20px"> to failover to another RADIUS server.</span></div>
<div><span><font face="arial, FreeSans, Helvetica, sans-serif"><span style="font-size:14px;line-height:20px"><br></span></font></span></div><div>
<span><font face="arial, FreeSans, Helvetica, sans-serif"><span style="font-size:14px;line-height:20px">So while going through the FreeRadius configuration i came across the </span></font></span><span style="font-family:arial, FreeSans, Helvetica, sans-serif;font-size:14px;line-height:20px">section in sites-avaliable/default file under "post-auth" section which state that "Access-Reject packets are sent through the REJECT sub-section of the post-auth section." and is as follow:</span></div>
<div><span style="font-family:arial, FreeSans, Helvetica, sans-serif;font-size:14px;line-height:20px"><br></span></div><div><span style="font-family:arial, FreeSans, Helvetica, sans-serif;font-size:14px;line-height:20px">Post-Auth-Type REJECT {</span></div>
<div><span style="font-family:arial, FreeSans, Helvetica, sans-serif;font-size:14px;line-height:20px"> # log failed authentications in SQL, too. </span></div><div><span style="font-family:arial, FreeSans, Helvetica, sans-serif;font-size:14px;line-height:20px"> #sql </span></div>
<div><span style="font-family:arial, FreeSans, Helvetica, sans-serif;font-size:14px;line-height:20px"> attr_filter.access_reject </span></div><div><span style="font-family:arial, FreeSans, Helvetica, sans-serif;font-size:14px;line-height:20px">}</span></div>
<div><span style="font-family:arial, FreeSans, Helvetica, sans-serif;font-size:14px;line-height:20px"><br></span></div><div>If you think this is the right approach, could you please provide me the <span style="font-family:arial, FreeSans, Helvetica, sans-serif;font-size:14px;line-height:20px">sample code using which if i could check for the rlm status code and could silently discard the responses other than the "RLM_MODULE_OK" and "RLM_MODULE_REJECTED.</span><span><font face="arial, FreeSans, Helvetica, sans-serif"><span style="font-size:14px;line-height:20px"> </span><br clear="all">
</font><br> <br><p style="margin:0in 0in 0pt">
<span style="color:#333333"><font><span style="font-size:small">Thanks & Regards,</span></font></span></p>
<p style="margin:0in 0in 0pt"><font class="Apple-style-span" color="#333333">--Ankur</font></p></span></div><div><span style="font-family:arial, FreeSans, Helvetica, sans-serif;font-size:14px;line-height:20px"><p style="margin-top:0px;margin-right:0px;margin-bottom:1em;margin-left:0px;padding-top:0px;padding-right:0px;padding-bottom:0px;padding-left:0px">
<br></p></span></div><div></div>