Ignoring failed module in post-auth

Michal Bruncko michal.bruncko at zssos.sk
Tue Jan 10 16:47:19 CET 2012

Hi Alan,

thank you for reply. But I am afraid that your example is not working. 
According "doc/configurable_failover": "The normal configuration is 
"fail = return", which
means "if the detail module fails, stop processing the accounting
section". ..so "fail = return" is the default..

If I configure post-auth section like this:

post-auth {
	sql {
		fail = return

user autentication with unreachable mysql server will always ends with:
"++[sql] returns fail
Using Post-Auth-Type Reject"

I have not mentioned in my first email about looking to unlang. I have 
looked on it, but either I dont understand or there is not that 
combination of "code = value" that fills for this needs (I would not 
sting the truth).

thanks for any next hint for this


On 10. 1. 2012 0:31, Alan Buxey wrote:
> Hi,
>> but in case that the central mysql server (for many radius servers) is
>> unreachable, the loggining of request was failed and the module
>> executions returns with "++[sql] returns fail" and also whole
>> autentication procedure fails with REJCT even if the user was
>> successufully authenticated inside the "authenticate" section.
> man unlang
>                     ok              the module succeeded
>                     updated         the module updated the request
>                     fail            the module failed
> and then doc/configurable_failover
> you want something like
> post-auth {
> 	sql_log {
> 	fail = return
> 	}
> }
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

Ing. Michal Bruncko, PhD., CCNP
Linux systems and network administrator
Coupled school of business and services Ruzomberok
Slovak Republic

More information about the Freeradius-Users mailing list