Return no answer to the client if proxied access request times out

Gianni Costanzi gianni.costanzi at gmail.com
Fri Jan 18 15:52:17 CET 2019


Hi Alan, just an additional question...  Is Post-Proxy-Type
Fail-Authentication triggered both when a selected home-server times
out and also when
no home-servers are available in the realm's pool (maybe because
they're all marked as zombies)?

     Gianni

On Fri, Jan 18, 2019 at 3:09 PM Alan DeKok <aland at deployingradius.com> wrote:
>
> On Jan 18, 2019, at 6:17 AM, Gianni Costanzi <gianni.costanzi at gmail.com> wrote:
> >
> > Thank you for your answer. Actually we can install only from official
> > Redhat Enterprise repositories, due to internal policies which are quite
> > restrictive. Unfortunately it’s not so easy to switch vendor when you’re
> > working in big companies that must comply to tens of policies (due to ISOs,
> > PCI-DSS, GDPR), I perfectly understood what you say and I have your
> > attitude when working on my own systems.
>
>   I tend to be cynical about "security" policies that prevent security from happening...
>
> > BTW, where should the following code snipped be placed? In which
> > file/section?
> >
> > Post-Proxy-Type Fail {
> >                do_not_respond
> >        }
>
>   In the "Post-Proxy-Type" subsection...
>
> $ cd /etc/raddb
> $ grep -r -- 'Post-Proxy-Type'
>
>   Takes 2 minutes...
>
>   And if you read the debug output, it will show that it's running a post-proxy subsection.
>
>   See sites-available/default.  It's all there....
>
>   Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html



More information about the Freeradius-Users mailing list