(RADIATOR) Multiple realms in handler
Hugh Irvine
hugh at open.com.au
Sun Sep 16 21:03:05 CDT 2001

Hello Matt -

No there is no limit to the number of Realms or Handlers, however Handlers
are evaluated individually in the order they appear in the configuration file.
(Realms are looked up directly in a table.)

The alternative is to run two levels of radius servers, the first one will
only match on "Called-Station-Id" and will proxy to another instance of
Radiator (either on this box or another box) which will then do the
distribution to the various Realms. There is a special module in the
"goodies" directory to do exactly this, called "CalledStationId.pm". It is
used instead of a Realm or Handler, like this:

# define special clauses for Called-Station-Id

<CalledStationId 1111111>
.....
</CalledStationId>

<CalledStationId 2222222>
......
</CalledStationId>

.....

The CalledStationId.pm module must be copied into the "Radius" subdirectory
(and installed if required) to make it available for use.

Handlers are evaluated in the order they appear in the configuration file, so
you should have the most often used ones first and the less used ones towards
the end. The other thing to keep in mind is that the more specific Handlers
must appear *before* the more general ones so they get evaluated properly.

hth

Hugh

On Monday 17 September 2001 10:57, Matt Scifo wrote:
> Hugh,
>
> Is there a max number of handlers that I can have in a cfg? To implement
> two-stage proxy the way you suggested, I will end up having approx. 500
> handler clauses. Does the number of clauses in the cfg file affect the
> performance of radiator?
>
> Matt
>
> -----Original Message-----
> From: Hugh Irvine [mailto:hugh at open.com.au]
> Sent: Friday, September 14, 2001 2:01 AM
> To: Matt Scifo; radiator at open.com.au
> Subject: Re: (RADIATOR) Multiple realms in handler
>
>
>
> Hello Matt -
>
> On Friday 14 September 2001 10:32, Matt Scifo wrote:
> > Hello
> >
> > Can anyone tell me if this is possible to implement?
> >
> > Two-Stage Proxy
> > * All Requests initially parsed by Called-Station-Id
> > * Option of then parsing requests, within a single Realm to match a
> > set of criteria based on "@realm" username identifiers
> >
> > ---------------------------------------
> > #Use regexp for called-station-id
> > <Handler Called-Station-Id = /\d{4}$/>
> >     #If user at realm1, then do this
> >     <Realm realm1>
> >         <AuthBy RADIUS>
> >             Host host1
> >             Secret secret1
> >         </AuthBy>
> >     </Realm>
> >
> >     #If user at realm2, then do this
> >     <Realm realm2>
> >         <AuthBy RADIUS>
> >             Host host2
> >             Secret secret2
> >         </AuthBy>
> >     </Realm>
> >
> >     #If user at realm3, then do this
> >     <Realm realm3>
> >         <AuthBy RADIUS>
> >             Host host3
> >             Secret secret3
> >         </AuthBy>
> >     </Realm>
> >
> >     #If realm not found above
> >     <Realm DEFAULT>
> >         <AuthBy RADIUS>
> >             Host host1
> >             Secret secret1
> >         </AuthBy>
> >     </Realm>
> > </Handler>
>
> You will need to specify multiple Handlers, like this:
>
> <Handler Called-Station-Id = /\d{4}$/, Realm = realm1>
> .....
> </Handler>
>
> <Handler Called-Station-Id = /\d{4}$/, Realm = realm2>
> .....
> </Handler>
>
> <Handler Called-Station-Id = /\d{4}$/, Realm = realm3>
> .....
> </Handler>
>
> <Handler Called-Station-Id = /\d{4}$/>
> .....
> </Handler>
>
> regards
>
> Hugh
>
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
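
The ordering rule in the reply above (Handlers are tried in file order, so a specific clause must precede a general one) can be checked mechanically before a configuration goes live, since a misplaced catch-all sends every request to its own AuthBy host and secret. The following is an added example, not part of the original message or of Radiator: a Python lint that flags any Handler that can never be selected because an earlier Handler's check items are a subset of its own. The one-line `<Handler ...>` grammar, the exact-text comparison of check items and the sample configurations are assumptions made for illustration.

```python
import re

# Simplified grammar (assumption): check items are "Attr = value" separated by
# commas; a value is either /regex/ (which may itself contain commas) or a literal.
ITEM = re.compile(r'\s*([\w-]+)\s*=\s*(/(?:\\.|[^/\\])*/\w*|[^,]*?)\s*(?:,|$)')
HANDLER = re.compile(r'^\s*<Handler\b(.*)>\s*$')

def parse_handlers(config_text):
    """Return [(line_no, frozenset of (attr, value))] per <Handler ...> line, in file order."""
    handlers = []
    for line_no, line in enumerate(config_text.splitlines(), 1):
        m = HANDLER.match(line)
        if m:
            handlers.append((line_no, frozenset(ITEM.findall(m.group(1)))))
    return handlers

def shadowed_handlers(config_text):
    """Return [(shadowed_line, shadowing_line)].

    A Handler is reported when an earlier Handler's check items are a subset of
    its own: every request it would match is already taken by the earlier one.
    Items are compared as exact text, so overlapping but differently written
    regexes are not detected (conservative: no false positives from this rule).
    """
    handlers = parse_handlers(config_text)
    findings = []
    for i, (line_no, items) in enumerate(handlers):
        for earlier_line, earlier_items in handlers[:i]:
            if earlier_items <= items:
                findings.append((line_no, earlier_line))
                break
    return findings

# Constructed sample: general Handler first, so the realm-specific ones are dead.
MISORDERED = r"""<Handler Called-Station-Id = /\d{4}$/>
</Handler>
<Handler Called-Station-Id = /\d{4}$/, Realm = realm1>
</Handler>
<Handler Called-Station-Id = /\d{4}$/, Realm = realm2>
</Handler>
"""

# Constructed sample: the order given in the thread, specific before general.
ORDERED = r"""<Handler Called-Station-Id = /\d{4}$/, Realm = realm1>
</Handler>
<Handler Called-Station-Id = /\d{4}$/, Realm = realm2>
</Handler>
<Handler Called-Station-Id = /\d{4}$/>
</Handler>
"""

if __name__ == "__main__":
    for shadowed, by in shadowed_handlers(MISORDERED):
        print(f"line {shadowed}: Handler is unreachable, shadowed by line {by}")
```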