(RADIATOR) Multiple realms in handler
Ken Kirkby
ken at terrigal.net.au
Sun Sep 16 21:26:47 CDT 2001
Hugh Irvine wrote:
>
> Hello Matt -
>
> No there is no limit to the number of Realms or Handlers, however Handlers
> are evaluated individually in the order they appear in the configuration file.
> (Realms are looked up directly in a table.)
>
> The alternative is to run two levels of radius servers, the first one will
> only match on "Called-Station-Id" and will proxy to another instance of
> Radiator (either on this box or another box) which will then do the
> distribution to the various Realms. There is a special module in the
> "goodies" directory to do exactly this, called "CalledStationId.pm". It is
> used instead of a Realm or Handler, like this:
>
> # define special clauses for Called-Station-Id
>
> <CalledStationId 1111111>
> .....
> </CalledStationId>
>
> <CalledStationId 2222222>
> ......
> </CalledStationId>
>
> .....
>
> The CalledStationId.pm module must be copied into the "Radius" subdirectory
> (and installed if required) to make it available for use.
>
> Handlers are evaluated in the order they appear in the configuration file, so
> you should have the most often used ones first and the less used ones towards
> the end. The other thing to keep in mind is that the more specific Handlers
> must appear *before* the more general ones so they get evaluated properly.
>
> hth
>
> Hugh
>
> On Monday 17 September 2001 10:57, Matt Scifo wrote:
> > Hugh,
> >
> > Is there a max number of handlers that I can have in a cfg? To implement
> > two-stage proxy the way you suggested, I will end up having approx. 500
> > handler clauses. Does the number of clauses in the cfg file affect the
> > performance of radiator?
> >
> > Matt
> >
> > -----Original Message-----
> > From: Hugh Irvine [mailto:hugh at open.com.au]
> > Sent: Friday, September 14, 2001 2:01 AM
> > To: Matt Scifo; radiator at open.com.au
> > Subject: Re: (RADIATOR) Multiple realms in handler
> >
> >
> >
> > Hello Matt -
> >
> > On Friday 14 September 2001 10:32, Matt Scifo wrote:
> > > Hello
> > >
> > > Can anyone tell me if this is possible to implement?
> > >
> > > Two-Stage Proxy
> > > * All Requests initially parsed by Called-Station-Id
> > > * Option of then parsing requests, within a single Realm to match a
> > > set of criteria based on "@realm" username identifiers
> > >
> > > ---------------------------------------
> > > #Use regexp for called-station-id
> > > <Handler Called-Station-Id = /\d{4}$/>
> > > #If user at realm1, then do this
> > > <Realm realm1>
> > > <AuthBy RADIUS>
> > > Host host1
> > > Secret secret1
> > > </AuthBy>
> > > </Realm>
> > >
> > > #If user at realm2, then do this
> > > <Realm realm2>
> > > <AuthBy RADIUS>
> > > Host host2
> > > Secret secret2
> > > </AuthBy>
> > > </Realm>
> > >
> > > #If user at realm3, then do this
> > > <Realm realm3>
> > > <AuthBy RADIUS>
> > > Host host3
> > > Secret secret3
> > > </AuthBy>
> > > </Realm>
> > >
> > > #If realm not found above
> > > <Realm DEFAULT>
> > > <AuthBy RADIUS>
> > > Host host1
> > > Secret secret1
> > > </AuthBy>
> > > </Realm>
> > > </Handler>
> >
> > You will need to specify multiple Handlers, like this:
> >
> > <Handler Called-Station-Id = /\d{4}$/, Realm = realm1>
> > .....
> > </Handler>
> >
> > <Handler Called-Station-Id = /\d{4}$/, Realm = realm2>
> > .....
> > </Handler>
> >
> > <Handler Called-Station-Id = /\d{4}$/, Realm = realm3>
> > .....
> > </Handler>
> >
> > <Handler Called-Station-Id = /\d{4}$/>
> > .....
> > </Handler>
> >
> > regards
> >
> > Hugh
> >
Hello Hugh,
I've been following this with interest. We want to implement a block with
called-station-id and called-number-id so as to prevent STD calls from
an ambiguously located exchange area.
For example we'd like to block calls from 0265773xxx and 0265774xxx to
0265473002. What is the most effective way of implementing this?
A specific handler, or combination with database.

On another subject we'd also like for signup purposes to treat the
username as the password to a proxied radius server. We've tried rolling
%U the username into the password variable %P for ongoing presentation
to the proxy, but reencrypting the password seems to defeat the process.
Suggestions or specific examples would be appreciated.
I couldn't seem to find anything relevant in the archives.

Many thanks for the ongoing development and support.
--
Ken Kirkby
PLC Peripherals * Nobbys Net + Terrigal Net
http://www.plc-peripherals.com
Real Time Hardware and Software - - Cisco Certified Regional ISP.
Servicing Regional Australia with 200 Dialup numbers Nationalwide.
PO Box 815 Terrigal NSW 2260 Australia. ph +61 2 4385 2335 fx +61 2 4385 3720
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
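
The ordering rule quoted above (Handlers are tried in file order, so the more specific ones must come before the more general ones), as an added example that is not part of the original thread and is not Radiator's own code: a simplified Python model of Handler selection, plus a check that flags Handlers shadowed by an earlier, more general one. The handler names, the sample request and the matching model (exact value or /regex/, with Realm taken from the text after "@" in User-Name) are assumptions for illustration.

```python
import re

def realm_of(user_name):
    """Text after the last '@' in User-Name, or '' when there is none."""
    return user_name.rpartition("@")[2] if "@" in user_name else ""

def check_matches(check, request):
    """One check item: a '/regex/' is searched, anything else must be equal."""
    attr, pattern = check
    if attr == "Realm":
        value = realm_of(request.get("User-Name", ""))
    else:
        value = request.get(attr, "")
    if len(pattern) > 1 and pattern.startswith("/") and pattern.endswith("/"):
        return re.search(pattern[1:-1], value) is not None
    return value == pattern

def select_handler(handlers, request):
    """Name of the first handler, in file order, whose check items all match."""
    for name, checks in handlers:
        if all(check_matches(c, request) for c in checks):
            return name
    return None

def shadowed(handlers):
    """(handler, earlier handler) pairs where the earlier one's checks are a
    subset of the later one's, so the later handler can never be selected."""
    pairs = []
    for i, (name, checks) in enumerate(handlers):
        for earlier_name, earlier_checks in handlers[:i]:
            if set(earlier_checks) <= set(checks):
                pairs.append((name, earlier_name))
                break
    return pairs

# Constructed sample data (hypothetical handler names and request).
CSID = ("Called-Station-Id", r"/\d{4}$/")
SPECIFIC_FIRST = [
    ("realm1", [CSID, ("Realm", "realm1")]),
    ("realm2", [CSID, ("Realm", "realm2")]),
    ("catch-all", [CSID]),
]
GENERAL_FIRST = [SPECIFIC_FIRST[2], SPECIFIC_FIRST[0], SPECIFIC_FIRST[1]]
REQUEST = {"User-Name": "alice@realm2", "Called-Station-Id": "5551234"}

if __name__ == "__main__":
    print(select_handler(SPECIFIC_FIRST, REQUEST))  # realm2
    print(select_handler(GENERAL_FIRST, REQUEST))   # catch-all
    print(shadowed(GENERAL_FIRST))
```

With the catch-all Handler first, every realm-qualified request is routed to it, which is the misrouting the ordering advice prevents.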