On 7 Oct 2013, at 10:36, a.l.m.bu...@lboro.ac.uk wrote:

> Hi,
>
>> We're finding these nuggets of code as we dig deeper into James's
>> legacy config. If the Access-Accept response is not required, then
>> presumably I can ditch that entire code block and let the
>> wisms-testing auth attempt go through the system as any other user.
>
> yes....but you'd be better off just sending an immediate Access-Reject
> or these probes go through your whole config and hit your backend
> authentication servers for no reason.

Well you want the probes to go through and hit your backend authentication servers, and your databases, and any external resource. In the event of a failure of any of those modules you want to not respond to the WiSM.

In 3.0.0 a really easy way to check for that sort of thing is using the presence of Module-Failure-Message, though you should be careful to clear it if you have redundant sections, or alternative behaviour on module failure.

Previously Module-Failure-Message had to be set explicitly by the module, so wasn't implemented by all modules. In 3.0.0, when standardising the logging macros, we added a call to set it on all request errors (RERROR, REDEBUG, REDEBUG2, REDEBUG3, REDEBUG4), which most, if not all, modules use to log errors.

-Arran

Arran Cudbard-Bell <a.cudba...@freeradius.org>
FreeRADIUS Development Team

-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html