Hi Alan, just an additional question... Is Post-Proxy-Type Fail-Authentication triggered both when a selected home-server times out and also when no home-servers are available in the realm's pool (maybe because they're all marked as zombies)? Gianni On Fri, Jan 18, 2019 at 3:09 PM Alan DeKok <aland@deployingradius.com> wrote:
On Jan 18, 2019, at 6:17 AM, Gianni Costanzi <gianni.costanzi@gmail.com> wrote:
Thank you for your answer. Actually we can install only from official Redhat Enterprise repositories, due to internal policies which are quite restrictive. Unfortunately it’s not so easy to switch vendor when you’re working in big companies that must comply to tens of policies (due to ISOs, PCI-DSS, GDPR), I perfectly understood what you say and I have your attitude when working on my own systems.
I tend to be cynical about "security" policies that prevent security from happening...
BTW, where should the following code snipped be placed? In which file/section?
Post-Proxy-Type Fail { do_not_respond }
In the "Post-Proxy-Type" subsection...
$ cd /etc/raddb $ grep -r -- 'Post-Proxy-Type'
Takes 2 minutes...
And if you read the debug output, it will show that it's running a post-proxy subsection.
See sites-available/default. It's all there....
Alan DeKok.
- List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html