Hi All, Any pointers on how to start hacking the source? What I need to do is look for MS-CHAP-Error 648 (which means the password needs to be changed) and then add a different IP address and filter + DNS server information in order for the end-user to be redirected to a webserver. I can't do all of it in rlm_perl because I need to proxy to a windows IAS. Cheers John Morrissey wrote:
I would like to override failed (rejected, timed out) proxy responses with local authentication data. IOW, if the proxy request fails, I want to process the request locally.
That can't really be done with the current server. You will need to hack the source code to get this done.
It looks like the proxy reply trumps local authorization/authentication, and I can't find a way to override the proxy's response code.
Yes. There is usually ONE source for authentication. Turning a reject into an accept is a *very* unusual practice.
If this was the opposite way (don't proxy for accounts that exist locally), it seems I could remove Proxy-To-Realm to prevent proxying.
Is there a way to do the opposite (perform proxying and override the proxy's response with local auth)?
No. Alan DeKok.