On 7 Oct 2013, at 10:36, A.L.M.Buxey@lboro.ac.uk wrote:
Hi,
We're finding these nuggets of code as we dig deeper into James's legacy config. If the Access-Accept response is not required, then presumably I can ditch that entire code block and let the wisms-testing auth attempt go through the system as any other user.
yes....but you'd be better off just sending an immediate Access-Reject or these probes go through your whole config and hit your backend authentication servers for no reason.
Well you want the probes to go through and hit your backed authentication servers, and your databases, and any external resource. In the event of a failure of any of those modules you want to not respond to the WiSM. In 3.0.0 a really easy way to check for that sort of thing is using the presence of Module-Failure-Message, though you should be careful to clear it if you have redundant sections, or alternative behaviour on module failure. Previously Module-Failure-Message had to be set explicitly by the module, so wasn't implemented by all modules. In 3.0.0 when standardising the logging macros and added a call to set it on all request errors (RERROR, REDEBUG, REDEBUG2, REDEBUG3, REDEBUG4), which most, if not all modules use to log errors. -Arran Arran Cudbard-Bell <a.cudbardb@freeradius.org> FreeRADIUS Development Team