response sent after do_not_respond called
Alan DeKok
aland at deployingradius.com
Thu Apr 26 04:46:23 CEST 2018
On Apr 25, 2018, at 10:09 PM, Geoffrey D. Bennett <g at netcraft.com.au> wrote:
> My use case for this is that I have a database lookup in the post-auth
> section, and if the database connection fails I need to return no
> response so that the NAS will send its request to the other RADIUS
> server which has the backup database.
That's useful, I must admin.
> Is there another way to do this from the post-auth section?
Not really. We would have to change the source code.
> I can't
> move these checks into the authorise section as they have to run after
> authentication. What do you think about adding support for this?
You can just list the rules in the "authenticate" section. e.g.
authenticate {
Auth-Type PAP { # or whatever you use...
pap # will reject on failure
do_database_stuff
}
...
}
> Could you point me in the appropriate direction to implement this if
> you'd accept such a patch?
src/main/process.c. Look for "Not responding to request". And try to figure it out. :(
Honestly, just move the database checks to the "authenticate" section, inside of whatever Auth-Type subsection is running.
If you're using SQL, and you need to log to SQL, just do:
authenticate {
Auth-Type PAP { # or whatever you use...
pap # will reject on failure
sql.post_auth
}
...
}
Which will run the "post-auth" rules for SQL, but during the "authenticate" phase.
Alan DeKok.
More information about the Freeradius-Users
mailing list