Post-Proxy Fail do_not_respond not working
Alan DeKok
aland at deployingradius.com
Tue Mar 1 16:03:57 CET 2016
On Mar 1, 2016, at 5:14 AM, Peter Lambrechtsen <peter at crypt.co.nz> wrote:
>
> I found my last outstanding bug before I deploy my configuration and it's
> got me stumped.
>
> When a Proxy server is down I would like to choose between sending a reject
> or not sending a response at all.
>
> Is there a way that do_not_respond will be honored on 3.0.11 in a
> post-proxy failure situation?

The internal checks for "do not respond" happen just before the response is sent. They are entirely independent of proxying.

> Marking home server 222.222.222.1 port 1812 as zombie (it has not responded
> in 1.000000 seconds).
> (0) ERROR: Failing proxied request for user "peter", due to lack of any
> response from home server 222.222.222.1 port 1812
> (0) Clearing existing &reply: attributes
> (0) Found Post-Proxy-Type Fail-Authentication
> (0) # Executing group from file ./sites-enabled/default
> (0) Post-Proxy-Type Fail-Authentication {
> (0) policy do_not_respond {
> (0) update control {
> (0) &Response-Packet-Type := Do-Not-Respond

That's good...

> (0) } # update control = noop
> (0) [handled] = handled
> (0) } # policy do_not_respond = handled
> (0) } # Post-Proxy-Type Fail-Authentication = handled
> (0) There was no response configured: rejecting request

That's weird. Look in src/main/process.c for that message. 5 lines above, it checks for the "do not respond" attribute.

i.e. the only way that message shows up is if there's no control:Response-Packet-Type.

I've pushed a fix.

Alan DeKok.
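
A check for the mismatch seen in the quoted debug output, as an added example that is not part of the original message or of FreeRADIUS: it scans server debug output per request number and reports requests where `update control` set Response-Packet-Type to Do-Not-Respond but the "no response configured" reject message was still logged. The function name and the sample log (constructed from the lines quoted in the thread) are assumptions.

```python
import re

# "(N) message", optionally with a "> " mail-quote prefix in front.
LINE = re.compile(r"^(?:>\s*)?\((\d+)\)\s*(.*)$")
SET_DNR = re.compile(r"&?Response-Packet-Type\s*:?=\s*Do-Not-Respond")
REJECT_MSG = "There was no response configured: rejecting request"

# Constructed sample: request 0 repeats the lines quoted in the thread,
# request 1 sets Do-Not-Respond and is not rejected, request 2 is an
# ordinary reject that never asked for silence.
SAMPLE_DEBUG = """\
(0) Found Post-Proxy-Type Fail-Authentication
(0)   Post-Proxy-Type Fail-Authentication {
(0)     policy do_not_respond {
(0)       update control {
(0)         &Response-Packet-Type := Do-Not-Respond
(0)       } # update control = noop
(0)     } # policy do_not_respond = handled
(0)   } # Post-Proxy-Type Fail-Authentication = handled
(0) There was no response configured: rejecting request
(1)       update control {
(1)         &Response-Packet-Type := Do-Not-Respond
(1)       } # update control = noop
(2) Found Post-Proxy-Type Fail-Authentication
(2) There was no response configured: rejecting request
"""

def find_ignored_do_not_respond(debug_text):
    """Return request numbers that asked for silence but were rejected."""
    in_control = set()     # requests currently inside "update control { }"
    wants_silence = set()  # requests whose control list got Do-Not-Respond
    ignored = set()
    for raw in debug_text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue  # not a per-request debug line
        req, msg = int(m.group(1)), m.group(2).strip()
        if msg.startswith("update control {"):
            in_control.add(req)
        elif msg.startswith("}") and "update control" in msg:
            in_control.discard(req)
        elif req in in_control and SET_DNR.search(msg):
            wants_silence.add(req)
        elif REJECT_MSG in msg and req in wants_silence:
            ignored.add(req)
    return sorted(ignored)

if __name__ == "__main__":
    print(find_ignored_do_not_respond(SAMPLE_DEBUG))
```
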