Overriding proxy response
Eric
eric at ipergy.net
Sun Oct 4 20:27:25 CEST 2009
Hi All,
Any pointers on how to start hacking the source?
What I need to do is look for MS-CHAP-Error 648 (which means the
password needs to be changed) and then add a different IP address and
filter + DNS server information in order for the end-user to be
redirected to a webserver.
I can't do all of it in rlm_perl because I need to proxy to a windows IAS.
Cheers
John Morrissey wrote:
> I would like to override failed (rejected, timed out) proxy responses
with
> local authentication data. IOW, if the proxy request fails, I want to
> process the request locally.
That can't really be done with the current server. You will need to
hack the source code to get this done.
> It looks like the proxy reply trumps local
authorization/authentication, and
> I can't find a way to override the proxy's response code.
Yes. There is usually ONE source for authentication. Turning a
reject into an accept is a *very* unusual practice.
> If this was the opposite way (don't proxy for accounts that exist
locally),
> it seems I could remove Proxy-To-Realm to prevent proxying.
>
> Is there a way to do the opposite (perform proxying and override the
proxy's
> response with local auth)?
No.
Alan DeKok.
More information about the Freeradius-Users
mailing list