Charles Thomas <[EMAIL PROTECTED]> wrote: > Problem #1: If someone logs in and then tries to access a resource for > which they do not have permission, the server is throwing out an > "Internal Server Error" (Error code 500) to the browser instead of the > proper "Unauthorized" (Error code 401).
And it's pretty much impossible to figure out why Apache is returning 500 instead of 401. While many people dislike the near-gigabytes of debug out FreeRADIUS produces, those logs are *incredibly* useful. When I try figuring out why Apache is doing, most of the time I give up in frustration. That being said, the "Internal Server Error" *should* result in a message being logged in the error file. > Problem #2: There are times where the .htaccess files are being read, > but ignored. e.g., a user has an .htaccess file in his directory which > is being read, but the "require groups bar" directive is being ignored > and he gets access to the directory anyway. Yup. It's not clear when certain configurations over-ride others, or why. > Does anyone have any experience using both systems together? Unfortunately, yes. > If so, do you have any configuration tips you'd be willing to share? Unfortunately, no. My preference is to avoid Apache, as I can't understand it. > Can anyone theorize why the wrong error is being generated when a user > doesn't have access to a resource? What is generating this error (I'm > guessing Apache) and where would I go to try to fix this bug? My usual method is to run "gdb" on apache, and watch where the error is being generated, and walk back up the stack trace. It's not a method which I would recommend for most people, though. Alan DeKok. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
