(RADIATOR) Proxy pbs

Hugh Irvine hugh at open.com.au
Fri Oct 12 22:23:02 CDT 2001


Salut Romain -

The correct answer to your question is to reverse the order of your AuthBy 
RADIUS clauses so the result of the last AuthBy is the result of the 
authentication.

# define accounting before authentication

  <Realm DEFAULT>
          AuthByPolicy ContinueAlways

             <AuthBy RADIUS>
                  Host 172.29.xx.zz
                  NoForwardAuthentication
                  AcctPort 1646
                  Secret xxxxxxxxxxxx
                  LocalAddress 172.29.yy.yy
           </AuthBy>

           <AuthBy RADIUS>
                  Host 172.29.xx.xx
                  Host 172.29.xx.yy
                  AuthPort 1645
                  NoForwardAccounting
                  LocalAddress 172.29.yy.yy
                 <Host 172.29.xx.xx>
                          Secret xxxxxxxxxxx
                  </Host>
                  <Host 172.29.xx.yy
                         Secret xxxxxxxxxx
                  </Host>
          </AuthBy>
   
  </Realm>
   

hth

Hugh

PS - you really should not use Synchronous with an AuthBy RADIUS, as the 
impact on performance can be extreme.


On Saturday 13 October 2001 04:35, Gustavo Moreira wrote:
> Romain:
>     If you like wait the reply and then to respond to the NAS. You would
> have to see the 6.29.17 item Synchronous
>
> Gustavo Moreira.
>
>   ----- Original Message -----
>   From: Romain Vergniol
>   To: radiator at open.com.au ; hugh at open.com.au
>   Sent: Friday, October 12, 2001 12:23 PM
>   Subject: (RADIATOR) Proxy pbs
>
>
>   Hello,
>
>   I'm trying to set up a proxy that would be able to forward accounting to
> a different server. So I tried something like this (described in the
> reference manual) :
>
>   <Realm DEFAULT>
>           AuthByPolicy ContinueAlways
>
>            <AuthBy RADIUS>
>                   Host 172.29.xx.xx
>                   Host 172.29.xx.yy
>                   AuthPort 1645
>                   NoForwardAccounting
>                   LocalAddress 172.29.yy.yy
>                  <Host 172.29.xx.xx>
>                           Secret xxxxxxxxxxx
>                   </Host>
>                   <Host 172.29.xx.yy
>                          Secret xxxxxxxxxx
>                   </Host>
>           </AuthBy>
>
>            <AuthBy RADIUS>
>                   Host 172.29.xx.zz
>                   NoForwardAuthentication
>                   AcctPort 1646
>                   Secret xxxxxxxxxxxx
>                   LocalAddress 172.29.yy.yy
>            </AuthBy>
>
>   </Realm>
>
>
>   The problem is that authentication is always accepted ...
>   So I tried with "IgnoreAuth..." and "IgnoreAcct..." but it doesn't seem
> to work. What's the way to properly configure this proxy ?
>
>   Thanx
>
>   Romain VERGNIOL
>
>   CEGEDIM
>   Service Réseau Boulogne
>   Fax : 33 01 46 03 45 95
>   Tel  : 33 01 49 09 84 02
>   romain.vergniol at cegedim.fr

----------------------------------------
Content-Type: text/html; charset="iso-8859-1"; name="Attachment: 1"
Content-Transfer-Encoding: quoted-printable
Content-Description: 
----------------------------------------

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list