It seems like this will run soon, I can feel it. I use this rest module code right now: rest check_access_rest { connect_timeout = 4.0 connect_uri = "http://IP" authorize { uri = "${..connect_uri}/demo?username=%{User-Name}" method = 'get' } authenticate { } accounting { } post-auth { } pool { start = ${thread[pool].start_servers} min = ${thread[pool].min_spare_servers} max = ${thread[pool].max_servers} spare = ${thread[pool].max_spare_servers} uses = 0 lifetime = 0 idle_timeout = 60 } } Debug shows this output: (0) check_access_rest: EXPAND http://IP (0) check_access_rest: --> http://IP (0) check_access_rest: EXPAND /demo?username=%{User-Name} (0) check_access_rest: --> /demo?username=testing (0) check_access_rest: Sending HTTP GET to "http://IP/demo?username=testing" (0) check_access_rest: Processing response header (0) check_access_rest: Status : 200 (OK) (0) check_access_rest: Type : json (application/json) (0) check_access_rest: Parsing attribute "Auth-Type" (0) check_access_rest: EXPAND Accept (0) check_access_rest: --> Accept (0) check_access_rest: Auth-Type := Accept rlm_rest (check_access_rest): Released connection (0) rlm_rest (check_access_rest): Need 5 more connections to reach 10 spares rlm_rest (check_access_rest): Opening additional connection (5), 1 of 27 pending slots used rlm_rest (check_access_rest): Connecting to "http://IP" (0) [check_access_rest] = updated (0) } # authorize = updated (0) ERROR: No Auth-Type found: rejecting the user via Post-Auth-Type = Reject (0) Failed to authenticate the user I only would like to use the authorize function, as far as I understand debug this process is done correctly. But it seems like the authenticate process fails. In my default config I’ve placed this authorize { check_access_rest } authenticate { } How to disable authenticate module so it will not try to start the rest module? It seems to start the module (you can see this in the debug ouput, it only used the IP address, not the „full path“). Regards; janis
Am 22.07.2016 um 16:00 schrieb Matthew Newton <mcn4@leicester.ac.uk>:
On Fri, Jul 22, 2016 at 03:27:18PM +0200, Herwin Weststrate wrote:
On 22-07-16 15:16, Matthew Newton wrote:
Or install the freeradius-rest package if installed from packages.
If that is the case, I would consider it a bug that some package other than freeradius-rest installs mods-available/rest.
Possibly. You can probably argue it two ways.
All the config is in freeradius-config. And that is optional IIRC. So you can install all the binary packages, and run with your own config, without installing the default config.
If module-specific config was in module packages then you could install everything except the -config package, and end up with just little bits of config on your system, which is rather messy. Especially if you've put your own config in the standard location, and installing a module package would then modify your live config.
Not sure which is the best way - both seem to have arguments for and against. I think personally I slightly lean towards the current way, but not entirely sure.
Matthew
-- Matthew Newton, Ph.D. <mcn4@leicester.ac.uk>
Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom
For IT help contact helpdesk extn. 2253, <ithelp@le.ac.uk> - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html