Post-Proxy-Type Reject handling
Julius Plenz
plenz at cis.fu-berlin.de
Fri Nov 1 15:10:17 CET 2013
Hi,
I'm a little bit confused by the change introduced in commit
4b9d325515 ("Set Post-Proxy-Type Reject if the request was rejected by
the proxy server") from 19 Dec 2012.
I think most users, including me, expect that a Reject reply received
from a remote RADIUS server is automatically forwarded by the
mediating RADIUS server to the client. But it seems this patch changes
the default behaviour. What I'm seeing is that such a Reject reply
will be silently discarded and *not* forwarded to the client.
This may break a few setups. Sadly, the Post-Proxy-Type "Reject"
is not even mentioned anywhere in the example config files. Especially
I would suggest adding a hint akin to the "Fail" case in
"raddb/sites-available/default".
What is the correct move to make FreeRADIUS behave like pre-2.2.1,
i.e. just forwarding the proxy reply? I'm guessing I should duplicate
my "post-proxy" modules again inside a Post-Proxy-Type Reject {}
stanza?
Thank you,
Julius
More information about the Freeradius-Users
mailing list