(RADIATOR) AuthyByPolicy

Hugh Irvine hugh at open.com.au
Wed May 16 07:58:57 CDT 2001


Hello Chris -

You cannot chain AuthBy RADIUS clauses like this, due to the way the 
AuthBy RADIUS clause operates - ie. it is asynchronous. There are two 
ways of dealing with this: first is use the CachePasswords option 
which will tell the clause to cache recent requests and responses and 
use the cached entry in case the proxy does not respond. Otherwise 
you can use a NoReplyHook (there is an example in the file 
"goodies/hooks.txt").

Probably a better approach in any case is to define multiple targets 
for the proxy and have Radiator fail over automatically. There are 
several such modules in Radiator 2.18.1 (RADIUS, ROUNDROBIN, 
VOLUMEBALANCE, LOADBALANCE).

hth

Hugh


At 21:54 +0200 15/5/01, Chris Cronje - MWeb wrote:
>Hi There
>
>I was wondering if anyone has done this before ?
>I'm using Radiator to authenticate off another Radiator server, like a
>proxy. If the radius server fails, I want my proxy to mark the server dead
>for 10 minutes and then continue to the next Authby clause, which is AuthBy
>FILE.
>
>What happens in practise is that if my proxy receives a timeout, it
>retransmits once, marks the server dead for 10 minutes and then says:
>
>Tue May 15 21:53:41 2001: INFO: AuthRADIUS could not find a working host to
>forward to. Ignoring
>
>But, it never goes to the next AuthBy statement.
>
>Am I doing something wrong in my config here ?
>
>
><Realm DEFAULT>
>AuthByPolicy ContinueUntilIgnore
>      <AuthBy RADIUS>
>          Host x.x.x.x
>          Retries 1
>          RetryTimeout 3
>          FailureBackoffTime 600
>          Secret M at x$3$$!0n$
>      </AuthBy>
>
>      <AuthBy FILE>
>          Filename users    
>          AcceptIfMissing
>       </AuthBy>      
>
></Realm>   
>===
>Archive at http://www.open.com.au/archives/radiator/
>Announcements on radiator-announce at open.com.au
>To unsubscribe, email 'majordomo at open.com.au' with
>'unsubscribe radiator' in the body of the message.

-- 

NB: I am travelling this week, so there may be delays in our correspondence.

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list