Fwd: (RADIATOR) Question on FailurePolicy within SQLRADIUS

Mike McCauley mikem at open.com.au
Wed Nov 6 02:18:02 CST 2002 

Hi Martin,

On Wed, 6 Nov 2002 18:58, Hugh Irvine wrote:
> Mikey -
>
> Could you answer Martin please?
>
> ta
>
> Hugh
>
> Begin forwarded message:
> > From: "Martin Edge" <martinedge at kbs.net.au>
> > Date: Wed Nov 6, 2002  9:17:50 AM Australia/Melbourne
> > To: "Radiator" <radiator at open.com.au>
> > Subject: (RADIATOR) Question on FailurePolicy within SQLRADIUS
> >
> > Hey Guys,
> >
> > Quick question (well, it might not be ;)), I have a feeling I might
> > have
> > asked something along the same lines before..
> >
> > But I'm trying to test the FailurePolicy settings within SQLRADIUS.
> > Having a
> > look..
> >
> > Now, within the code, it's saying if HostColumnDef exists, then use
> > getHostColumns in order to set the current configuration for the next
> > host
> > to proxy to. When the failurepolicy is set from retrieving the server,
> > I'm
> > trying to confirm whether it would be assigning the FailurePolicy to
> > that
> > one server, just for that request, or to a group of packets to the same
> > destination server port pair.

The failure policy from teh database is used to set a flag in the request 
packet. So the policy you get applies to just that request sent to just that 
server. Obviously, the failurePolicy will usually be exactly the same for 
every request sent to a particular server, but it doent have to be so.


> >
> > $fp is used within the code here, but I'm not sure what that is
> > referencing
> > .. Appears to be the current packet instance ?

$fp refers to the packet currently being forwarded.


> >
> > Technically, if there is no host to proxy to, (which I guessing is
> > quite
> > possible as there is no single identifier for a destination proxy,
> > This is
> > that NumHosts debarkle again), then it will fall back to the
> > superclass to
> > fall back to any hardwired hosts. At which point does it honor the
> > failurepolicy ?

If no host comes from the database, then there is no host to proxy to and 
therefore the failure policy has no meaning (recall the policy defines what 
to do if there is no reply to a proxied packet)

If no host comes from the database, it falls back to any hardwired hosts in 
AuthBy SQLRADIUS.

> >
> > Is the expectation that a FailurePolicy will only be used when the
> > hosts
> > that "are" avaliable are being ignored? 
...are not replying. Yes.

>> Not when HostSelect returns no
> > results on the second attempt for those downstreams with an additional
> > RADIUS server (as defined by the limitations of NumHosts) that don't
> > exist?
Correct.

> >
> > I guess the global issue appears to be that a downstream proxy customer
> > isn't "identified" as anyone in particular within the RADIUS code.
> >
> > Is there any plans for development within the SQLRADIUS module to
> > create an
> > pseudo-identifier, to give the ability to configuring information
> > about the
> > downstream and setting statistics etc. for each Downstream Identifier
> > within
> > the SQLRADIUS results.. ? Or is this too specific and would be best
> > hiding
> > in it's own AuthBy Module ?

No current plans for SQLRADIUS, but obvious and generally felt deficiencies 
will (as always) be addressed. Discussion is welcome.

> >
> > Hope I'm not being too confusing :-)
> >
> > Regards,
> > Martin Edge
> > Software/Network Engineer
> > KBS Internet
> >
> > Phone: 1300 727 205
> > Web: http://www.kbs.net.au/
> > Extranet: http://xray.kbs.net.au/
> > eMail: support at kbs.net.au
> > -------------=-=-=-----------------
> >
> > ===
> > Archive at http://www.open.com.au/archives/radiator/
> > Announcements on radiator-announce at open.com.au
> > To unsubscribe, email 'majordomo at open.com.au' with
> > 'unsubscribe radiator' in the body of the message.
>
> NB: I am travelling this week, so there may be delays in our
> correspondence.

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985                       Fax   +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS etc on Unix, Windows, MacOS etc.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list