(RADIATOR) Re: URGENT:AuthByPolicy problem!

Hugh Irvine hugh at open.com.au
Thu Aug 16 23:07:56 CDT 2001 

Hello Ganbold -

As you have discovered, the AuthBy RADIUS clause behaves differently to other 
AuthBy clauses and cannot be used in the fashion that you show in your 
configuration file. This is because the AuthBy RADIUS clause returns 
immediately with "Ignore" and processes the proxied radius reply 
asynchronously.

The usual way to deal with iPASS roaming is to put it in its own Handler, 
usually after dealing with your local requirements explicitly, so a typical 
configuration would look something like this:

.......

#define Hanlder for local processing

<Handler Realm = your.realm>
         RejectHasReason
         AccountingHandled
         SessionDatabase SQL1
         AuthByPolicy ContinueUntilAccept
         AuthBy AscendAuthOnly
         AuthBy CiscoAuthOnly
         AuthBy CheckMERIT
         PostAuthHook \    
         file:"/root/radiator/Radiator-2.18.1/CheckBlockTimeLeft"	
</Handler>

# define Handler for iPASS (everything else)

<Handler>
	RejectHasReason
	SessionDatabase SQL1
	AuthBy CheckIPASS
</Handler>

hth

Hugh


On Saturday 18 August 2001 01:20, ganbold wrote:

> > Hello,
>
> We are using Radiator-2.18.1 on FreeBSD-4.3-STABLE.
> It is working very well and good enough.
>
> I have using AuthBySQL for dial-up subscribers and AuthByRadius for
> iPass outbound authentication.
>
> Just yesterday I added another AuthByRadius for proxy authentication to
> our old Merit AAA-4.2.1E.
>
> After that Merit AAA-4.2.1E radius users can't to authenticate.
>
> They received, username/password wrong or invalid message from Radiator.
>

-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list