On Tue, 13 Jul 2004, Roy, Daniel wrote: > Hi all, > > This is a rather detailed question, since it relates to the source code of > freeRADIUS, but I'm trolling to see if anyone has come across this or what a > freeRADIUS expert might suggest as a solution. > > Configurable failover in working for me in the authorize section. Also, I've built > an authenticate section in rlm_files so that now configurable failover is working in > the authenticate section (for MS-CHAP in my case). In both cases I'm proxying to > another realm as the failover. > > Now my problem: Somewhere between authorize and MS-CHAP authenticate, I need to > configure failover if an account is expired, since account expiration doesn't seem > to be part of the authorize section. > > Code details: > In src/main/auth.c:rad_authenticate, it loops over the registered and configured > modules with an authorize section, then it checks to see if it needs to proxy, then > it performs the authentication. Authentication starts by checking the account > expiration followed by checking the password, and so on. Checking the password > (rad_check_password) includes calling the appropriate module_authenticate. So > checking account expiration is stuck in a "no mans land" between authorization and > authentication. Is there a way for me to include expiration as a rejection of > authentication in configurable failover or do I need to hack the source code ? > > Around line 550 of src/main/auth.c in rad_authenticate: > /* > * Validate the user > */ > do { > if ((result = check_expiration(request)) < 0) > break; > ... > > Around line 710 of src/main/auth.c in rad_authenticate: > /* > * Result should be >= 0 here - if not, we return. > */ > if (result < 0) { > return RLM_MODULE_OK; > } > > Note: check_expiration returns -1 if the account has expired. > > Thanks in advance, > Daniel > > - > List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
Expiration handling should probably be moved to a separate module. I 've opened bug#105 for that. -- Kostas Kalevras Network Operations Center [EMAIL PROTECTED] National Technical University of Athens, Greece Work Phone: +30 210 7721861 'Go back to the shadow' Gandalf - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html