Dropping requests when no authentication possible
tnt at kalik.net
tnt at kalik.net
Fri Mar 13 11:38:59 CET 2009
>Thanks Alan, here's where I've ended up so far...
>
>Fri Mar 13 09:57:22 2009 : Error: rlm_ldap: (re)connection attempt failed
>Fri Mar 13 09:57:22 2009 : Info: [ldap] search failed
>Fri Mar 13 09:57:22 2009 : Debug: rlm_ldap: ldap_release_conn: Release Id: 0
>
>Fri Mar 13 09:57:22 2009 : Info: +++[ldap] returns fail
>Fri Mar 13 09:57:22 2009 : Info: +++- entering group {...}
>Fri Mar 13 09:57:22 2009 : Info: ++++[control] returns fail
>Fri Mar 13 09:57:22 2009 : Info: ++++[ok] returns ok
>Fri Mar 13 09:57:22 2009 : Info: +++- group returns ok
That sets Do-Not-Respond ...
>Fri Mar 13 09:57:22 2009 : Info: ++- policy redundant returns ok
>Fri Mar 13 09:57:22 2009 : Info: No authenticate method (Auth-Type)
>configuration found for the request: Rejecting the user
.. but that puts it to Access-Reject.
>>From this code...
>
>authorize {
> preprocess
> auth_log
> chap
> mschap
> files
> redundant {
> ldap
> group {
> update control {
> Response-Packet-Type = Do-Not-Respond
Try changing that to Tmp-String-0 := "silent"
> }
> ok
> }
> }
>}
>
And than add to Post-Auth-Type REJECT:
if(control:Tmp-String-0 == "silent") {
update control {
Response-Packet-Type := 256
}
}
Ivan Kalik
Kalik Informatika ISP
More information about the Freeradius-Users
mailing list