sqlippool reject authentication if no IP?
Hugh Messenger
hugh at alaweb.com
Fri Jun 29 17:35:32 CEST 2007
Peter Nixon <listuser at peternixon.net> said:
> On Thu 28 Jun 2007, Hugh Messenger wrote:
> > Peter Nixon <listuser at peternixon.net> said:
> > > On Thu 28 Jun 2007, Alan DeKok wrote:
> > > > Hugh Messenger wrote:
> > > > > With my current configuration, if sqlippool cannot assign an IP,
> the
> > > > > authentication still succeeds.
> > > >
> > > > The module returns NOOP. It could arguable return "fail".
> >
> > Just a nitpick, but for pool depletion it returns 'notfound'.
>
> Can you suggest a better return code?
Not at all. I was just responding to Alan's comment above that "the module
returns NOOP". My bad, trying to respond to two people in one email.
> I am assuming you have already read:
> http://wiki.freeradius.org/Rlm_sqlippool
>
> If not please do so :-)
I had read it (several times) but as is often the case I misunderstood some
of it. I now realize the failover example does do what I'd expect (not
failing over on a notfound).
> > Speaking of which. What would be the simplest way of having an email
> > alert if a 'notfound' happens? This is all for PPPOE wireless clients,
> > which are carefully provisioned. So we should never end up running out
> of
> > dynamic pool space, and I need to know about it if we do.
>
> logwatch/swatch/splunk etc ;-)
I'm a splunker, as it happens. Which was indeed what I figured I'd use if
there was no built in mechanism.
[inserted from your followup mail]
> Of course you COULD write an external mail script and run it as a
> radiusd "exec" module. (or something with rlm_perl/rlm_python)
I've been looking for a simple test case to try out rlm_perl, I might give
that a go.
> Peter Nixon
> http://www.peternixon.net/
> PGP Key: http://www.peternixon.net/public.asc
As usual, thanks for your help.
-- hugh
More information about the Freeradius-Users
mailing list