(RADIATOR) AuthByPolicy question

Hugh Irvine hugh at open.com.au
Mon Oct 1 19:10:12 CDT 2001 

Hello Toni -

You have discovered the reason for the existence of the AuthBy GROUP clause.

Ie. you cannot change an AuthByPolicy part way through a list of AuthBy 
clauses, so you need different lists.

So here is what to do:

<AuthBy SQL>
        Identifier              Auth-SQL
        ...
        AccountingTable
</AuthBy>

<AuthBy SQL>
        Identifier              Acct-SQL
        ...
        AuthSelect
</AuthBy>

<AuthBy FILE>
        Identifier              Auth-File
        ...
</AuthBy>

<AuthBy GROUP>
	Identifier Auth-Group
	AuthByPolicy ContinueUntilAccept
	AuthBy Auth-Sql
	AuthBy Auth-File
</AuthBy>

<Realm DEFAULT>
        ...
        AuthByPolicy            ContinueAlways
        AuthBy                  Acct-SQL
        AuthBy                  Auth-Group
</Realm>


hth

Hugh


On Monday 01 October 2001 19:11, Toni Riekkinen wrote:
> I have the following situation:
>
> <AuthBy SQL>
>         Identifier              Auth-SQL
>         ...
>         AccountingTable
> </AuthBy>
>
> <AuthBy SQL>
>         Identifier              Acct-SQL
>         ...
>         AuthSelect
> </AuthBy>
>
> <AuthBy FILE>
>         Identifier              Auth-File
>         ...
> </AuthBy>
>
> <Realm DEFAULT>
>         ...
>         AuthByPolicy            ContinueAlways
>         AuthBy                  Acct-SQL
>         AuthBy                  Auth-SQL
> #        AuthBy                  Auth-File
> </Realm>
>
>
> I'd like to improve this Realm with a flat file authentication. So that
> _IF_ connection to Auth-SQL database fails (I have different database in
> auth and acct), we would fall back to a flat file as our last change. I
> can't use ContinueAlways anymore, right?
>
> I tried for example ContinueUntilReject, because thought it would have been
> the solution (though that if we can't connect into database, it would
> continue to file), but for some reason it don't seem to work. What
> AuthByPolicy method should I use?
>
>
> ++Toni
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.

-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list