Thank you very much Alan! That was it I thought i needed to do something like that but I couldnt figure out how exactly. Looking at it, makes total sense. Thank you again! On Wed, May 2, 2018 at 2:28 PM, Alan DeKok <aland@deployingradius.com> wrote:
On May 2, 2018, at 2:21 PM, Dave Macias <davama@gmail.com> wrote:
I was trying to test this out. Thought it was a nice idea. Unfortunately i still see a response from the radius server with the dead ldap.
The debug log shows why. You are running TONS of policies in the "post-auth" section, one of which is an explicit "reject". See line 949.
The solution is to skip all that. If the control list has &Response-Packet-Type := Do-Not-Respond, then *stop doing anything else*. Just skip the entire post-auth section:
post-auth { if (control:Response-Packet-Type == Do-Not-Respond) { return }
... everything else... }
Im assuming my issue is with my post-auth section, since if no conditions are met then send reject by default. ( line 978 on alive ldap ) ( line 917 on dead ldap ). Is this correct?
Yes.
If you don't want the server to respond, then you need to tell it to not respond. And don't tell it "oh never mind, send a REJECT!"
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/ list/users.html