Ankur G <anku...@globallogic.com> wrote:
>
> But if the exposed web-service is down, Radius server simply rejects the
> authentication request with the response message as "Access_Rejected".
>
> We want Radius server instead of rejecting, simply discard the
> authentication request which will allow the RADIUS *client* to failover to
> another RADIUS server.
>

...surely the other RADIUS server the client has listed will also be unable
to process the request as the web service is down?

If you have multiple web-service instances about, then your perl/python/exec
code should failover to using other instances.

I find it hard how this situation would help you in practice (W -> web,
R -> RADIUS server, C -> RADIUS client) as surely if R1 is unable to talk to
W, having C failover to R2 is not going to help?

     /--- R1 ---\
W ---            --- C
     \--- R2 ---/

If you have W1 and W2, then R1 and R2 should be able to talk to both.

> So while going through the FreeRadius configuration I came across the section
> in sites-available/default file under "post-auth" section which states that
> "Access-Reject packets are sent through the REJECT sub-section of the
> post-auth section." and is as follows:
>
> Post-Auth-Type REJECT {
>     # log failed authentications in SQL, too.
>     #sql
>     attr_filter.access_reject
> }
>
> If you think this is the right approach, could you please provide me the
> sample code using which if I could check for the rlm status code and could
> silently discard the responses other than the "RLM_MODULE_OK" and
> "RLM_MODULE_REJECTED".
>

http://wiki.freeradius.org/Modules2#Module+Return+Codes

RLM_MODULE_FAIL looks like a better option to use, although it will not give
you what you want; but it would enable you to use unlang to perform other
tasks.

Cheers

--
Alexander Clouter
.sigmonster says: You fill a much-needed gap.
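
The web-service failover suggested in the reply above, sketched as an added example (not code from the thread or from the FreeRADIUS project). The W1/W2 URLs, the JSON request and response shape, and the names `decide`, `http_check` and `BackendDown` are assumptions made for illustration; `decide` is what a perl/python/exec hook would call to get its return code.

```python
"""Added example: web-service failover done in the RADIUS server's module code."""
import json
import urllib.request

# Return codes as named on the Module Return Codes wiki page. Inside rlm_python
# they come from the radiusd module; defined locally so this file runs alone.
RLM_MODULE_REJECT, RLM_MODULE_FAIL, RLM_MODULE_OK = 0, 1, 2

# Hypothetical W1/W2 endpoints (constructed for the example).
BACKENDS = ("https://w1.example.net/auth", "https://w2.example.net/auth")


class BackendDown(Exception):
    """The web service was unreachable or gave no usable answer."""


def http_check(url, user, password, timeout=2.0):
    """Ask one web-service instance; return True/False or raise BackendDown."""
    body = json.dumps({"user": user, "password": password}).encode()
    req = urllib.request.Request(
        url, data=body, headers={"Content-Type": "application/json"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return bool(json.load(resp)["ok"])
    except (OSError, ValueError, KeyError, TypeError) as exc:
        # Connection errors, timeouts, HTTP errors and malformed replies all
        # mean "this instance cannot decide", never "the password is wrong".
        raise BackendDown(f"{url}: {exc}") from exc


def decide(user, password, backends=BACKENDS, check=http_check):
    """Try each web service in turn; only a real answer becomes OK or REJECT."""
    for url in backends:
        try:
            accepted = check(url, user, password)
        except BackendDown:
            continue  # W1 down: fail over to W2 here, not at the RADIUS client
        return RLM_MODULE_OK if accepted else RLM_MODULE_REJECT
    # No instance answered: an infrastructure failure, kept distinct from a
    # credential failure so unlang can act on it separately.
    return RLM_MODULE_FAIL
```

An explicit "no" from the first reachable instance is final, so a user rejected by W1 is not retried against W2.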