Close, but not quite. The authenticate section rejects file module types with the
following error (when starting up radiusd -X):
Error: radiusd.conf: "files" modules aren't allowed in 'authenticate' sections -- they
have no such method.
I specified radiusd.conf as:
...
authenticate {
...
# at the end of the authenticate section
Auth-Type foo {
mschap {
reject = 1
noop = 1
fail = 1
invalid = 1
notfound = 1
ok = return
handled = return
userlock = return
updated = return
}
my_proxy #<--- fails on this because files aren't
# supported in the authenticate section
}
}
...
Any other ideas? I've also tried throwing in a realm rather than a file and radiusd
complains about that too (essentially the same error message).
Daniel
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED] Behalf Of Alan
DeKok
Sent: Monday, June 28, 2004 12:48 PM
To: [EMAIL PROTECTED]
Subject: Re: Problems with configurable_failover
"Roy, Daniel" <[EMAIL PROTECTED]> wrote:
> Great stuff Alan. Thank you. I deleted my entry in radgroupcheck in
> MySQL that had "Auth-Type :=3D Local", and now:
> 1) Valid user-names and passwords result in Access-Accept (as desired)
> 2) Invalid user-names (regardless of password) get proxied (as desired)
> Cool.
Sounds good to me.
> Now the only thing that the configurable failover isn't doing for me is
> in the authenticate stage, which I can't see how to do since the
> authenticate section in radiusd.conf doesn't support a configurable
> failover section, as far as I can tell.
Hmmm... it might. The code which handles configurable failover is
in src/main/mod*.c, and it doesn't know about the differences between
authorze{} or authenticate{}. So it should work.
e.g.
authenticate {
Auth-Type foo {
bar {
reject = 1
}
baz
}
}
> What I want to happen is that any failed authentication be proxied as
> well.
The above example may work.
Alan DeKok.
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
