On Wed, Sep 09, 2009 at 11:08:43PM +0100, Ivan Kalik wrote: > > I would like to override failed (rejected, timed out) proxy responses with > > local authentication data. IOW, if the proxy request fails, I want to > > process the request locally. > > This is documented in post-proxy section.
I assume you mean the stock configuration's sites-available/default post-proxy section. It certainly says the request may be 'massaged' there, but does not indicate how to go about the more advanced 'massaging' I asked after in my post. The only thing that even comes close in the sample configuration is attr_rewrite, which is far too simplistic for what I'm looking to do. Again, what I'm after is to process the request locally for unresponsive proxies or proxy Access-Rejects. By 'process the request locally,' I mean achieve the same effect as if the request was re-run through the authorize and authenticate sections. I've looked into achieving this with rlm_perl. I see two problems with using an rlm_perl post-proxy handler to 'massage' the reply in this way. First, FreeRADIUS functionality would need to be duplicated in the post-proxy handler, particularly any authentication methods I wish to use, since there is no apparent way to call the authenticate handlers in FreeRADIUS modules at this point. Secondly, the response code is not available in the hashes passed to rlm_perl modules, so rlm_perl handlers cannot change it. john -- John Morrissey _o /\ ---- __o [email protected] _-< \_ / \ ---- < \, www.horde.net/ __(_)/_(_)________/ \_______(_) /_(_)__ - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
