(RADIATOR) AuthBy GROUP - AuthBy RADIUS

Hugh Irvine hugh at open.com.au
Thu Nov 15 16:15:16 CST 2001


Hi Benny -

How are you my old friend? Haven't heard from you for ages!

On Thursday 15 November 2001 21:35, Benny Chee wrote:
> Hi,
>
> 	I have the following situation:
> 	I'm acting as a RADIUS proxy that proxies all requests from my NAS,
> however, my customer requires me to point authentication and accounting to
> different servers and vice versa if any one fails.
>
> 	authentication - 10.0.1.2:1645 (primary)
> 	authentication - 10.0.1.3:1645 (secondary)
>
> 	accounting     - 10.0.1.3:1646 (primary)
> 	accounting     - 10.0.1.2:1646 (secondary)
>
> 	I have come up with the config as shown below, but it's not working out
> well. Any idea?
>
> <Realm DEFAULT>
>         RewriteUsername s/^([^@]+).*/$1/
>         AuthByPolicy ContinueUntilAccept
>         <AuthBy GROUP>                          # 1st group
>           AuthByPolicy ContinueAlways
>           <AuthBy RADIUS>
>             NoForwardAccounting
>             Host 10.0.1.2
>             Secret secret
>             AuthPort 1645
>           </AuthBy>
>           <AuthBy RADIUS>
>             NoForwardAuthentication
>             Host 10.0.1.3
>             Secret secret
>             AcctPort 1646
>           </AuthBy>
>         </AuthBy>
>         <AuthBy GROUP>                          # 2nd group
>           AuthByPolicy ContinueAlways
>           <AuthBy RADIUS>
>             NoForwardAccounting
>             Host 10.0.1.3
>             Secret secret
>             AuthPort 1645
>           </AuthBy>
>           <AuthBy RADIUS>
>             NoForwardAuthentication
>             Host 10.0.1.2
>             Secret secret
>             AcctPort 1646
>           </AuthBy>
>         </AuthBy>
> </Realm>

You would be better using Handlers to do what you are describing above.

Something like this:

<AuthBy RADIUS>
	Identifier RadiusAuthentication
	<Host 10.0.1.2>
		Secret .....
		AuthPort 1645
		AcctPort
	</Host>
	<Host 10.0.1.3>
		Secret .....
		AuthPort 1645
		AcctPort
	</Host>
</AuthBy>

<AuthBy RADIUS>
	Identifier RadiusAccounting
	<Host 10.0.1.3>
		Secret .....
		AuthPort
		AcctPort 1646
	</Host>
	<Host 10.0.1.2>
		Secret .....
		AuthPort 
		AcctPort 1646
	</Host>
</AuthBy>

<Handler Request-Type = Accounting-Request>
	AuthBy RadiusAccounting
</Handler>

<Handler>
	AuthBy RadiusAuthentication
</Handler>

Note that you should not mix Realms and Handlers in the same configuration 
file, so any other existing Realm clauses should be converted to Handlers.

If I can be of any further assistance, just ask.

cheers

Hugh


-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
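
A small checker for the points in the reply above, added here as an example and not part of the original message or of Radiator itself: it flags Realm and Handler clauses mixed in one file, an AuthBy reference with no matching Identifier, and a catch-all Handler placed ahead of more specific ones. The sample configuration (including example.com and the misspelled identifier) is constructed, and first-match Handler ordering is an assumption about the server's behaviour.

```python
import re

# Constructed sample (not from the original message): the Handler layout from
# the reply with three deliberate mistakes for the checker to find.
SAMPLE = """
<AuthBy RADIUS>
    Identifier RadiusAuthentication
</AuthBy>
<AuthBy RADIUS>
    Identifier RadiusAccounting
</AuthBy>
<Realm example.com>
    AuthBy RadiusAuthentication
</Realm>
<Handler>
    AuthBy RadiusAuthentication
</Handler>
<Handler Request-Type = Accounting-Request>
    AuthBy RadiusAccountng
</Handler>
"""

def lint(config):
    """Return a list of findings for a Radiator-style configuration text."""
    findings = []
    lines = [l.split("#", 1)[0].strip() for l in config.splitlines()]
    idents = {m.group(1) for l in lines if (m := re.match(r"Identifier\s+(\S+)$", l))}
    selectors, current = [], None   # (clause kind, check string) in file order
    for l in lines:
        if m := re.match(r"<(Realm|Handler)\b\s*(.*?)>$", l):
            current = m.group(1)
            selectors.append((current, m.group(2)))
        elif re.match(r"</(Realm|Handler)>$", l):
            current = None
        elif current and (m := re.match(r"AuthBy\s+(\S+)$", l)):
            if m.group(1) not in idents:
                findings.append(f"{current}: AuthBy {m.group(1)} has no matching Identifier")
    if {kind for kind, _ in selectors} == {"Realm", "Handler"}:
        findings.append("Realm and Handler clauses are mixed in one file")
    # Assumption: Handlers are tried in file order and the first match wins,
    # so a <Handler> with no check hides every Handler after it.
    handlers = [check for kind, check in selectors if kind == "Handler"]
    for pos, check in enumerate(handlers[:-1], start=1):
        if not check:
            findings.append(f"catch-all <Handler> at position {pos} shadows later Handlers")
    return findings

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

Run against the layout in the reply (accounting Handler first, catch-all Handler last, no Realm clauses) it reports nothing.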