Ok, here is probably a use case for silently dropping rejects. That way your NAS will behave okay....but you only want to do this if the LDAP is down...so need to base it on that condition. That's if you want to keep it all in the server, you could have an external cronjob or such that checks LDAP and stops/starts the radius daemon alan -- This smartphone uses free WiFi around the world with eduroam, now that's what I call smart.
On Wed, 2012-06-13 at 06:35 +0000, Alan Buxey wrote:
Ok, here is probably a use case for silently dropping rejects. That way your NAS will behave okay....but you only want to do this if the LDAP is down...so need to base it on that condition. That's if you want to keep it all in the server, you could have an external cronjob or such that checks LDAP and stops/starts the radius daemon
thanks Alan, The suggestion from Alan DeKok works well for my needs at this stage, but your suggestion would be useful as a safety check to stop the radius daemon incase a miss configuration in production if it detects a known test user can't authenticate for any reason. (or maybe an iptables -j REJECT) regards, jethro -- Jethro Carr www.jethrocarr.com
Hi,
thanks Alan,
The suggestion from Alan DeKok works well for my needs at this stage, but your suggestion would be useful as a safety check to stop the radius daemon incase a miss configuration in production if it detects a known test user can't authenticate for any reason.
..yes, thats the method that I suggested to. theres a lot of stuff in the server that just needs to be enabled (particularly useful are those things in policy.conf) alan
participants (3)
-
Alan Buxey -
alan buxey -
Jethro Carr