Want to silently discard the request if authentication module as?web?service client connecting to the web service server is down.
Alexander Clouter
alex at digriz.org.uk
Wed Aug 10 08:20:53 CEST 2011
Ankur G <ankur.g at globallogic.com> wrote:
>
> We have a little different scenario. We have two different instances of web
> server connecting to two different Radius server such that if one of the
> radius server not able to connect the webserver, radius client can fail over to
> another radius server which has a different web-server connecting. Find
> below is the scenario:
>
> /--W1--\ -- /--- R1 ---\
> --- C
> /--W2--\ -- /--- R2 ---\
>
Why can't R1 talk to W1 *and* W2? Your module should be able to try
using both surely (if W1 fails, it should try W2)?
I suspect it would be a strange network failure if W1 and W2 are
unreachable to R1 but R2 could still speak to W2 (misconfiguration
rather than node/router failure)?
Well, you should still use FAIL in your module rather than REJECT if
something internal to the module has failed. Combine this with what
Alan already has pointed you to, do_not_respond in policy.conf, and you
should be able to get to where you want to be.
Cheers
--
Alexander Clouter
.sigmonster says: If you sow your wild oats, hope for a crop failure.
More information about the Freeradius-Users
mailing list