(RADIATOR) more confusion ;-)

Jeremy Burton jpburton at netspace.net.au
Mon Apr 29 02:42:01 CDT 2002


Ok, more confusing stuff from me :)

I have modified my config from before, in an attempt to make it neater..
Basically, the gist is this:

3 AuthBys in a group.

1. Bounce the Accounting off to a different radius server.  So ignore auth 
(which with the NoForwardAuthentication flag set, will by default accept).

2. Check in a file using an <AuthBy FILE></AuthBy>. 3 scenarios:
  i) If the user is found in the file, and check items match, just accept. 
 ii) If the user is found in the file, and the check items don't match, just
     reject.
iii) If the user is not found in the file, then proceed to the next AuthBy.

3. Use an <AuthBy SQL></AuthBy> to query the database for the user's data.

The way I figured this would work is as follows:

    <AuthBy GROUP>
            AuthByPolicy ContinueWhileAccept
            <AuthBy RADIUS>
                    NoForwardAuthentication
                    Host somehost
                    Secret  XXXXXXXX
            </AuthBy>
            AuthByPolicy ContinueWhileIgnore
            <AuthBy FILE>
                    NoDefaultIfFound
                    Filename %D/users.adsl
            </AuthBy>
            AuthByPolicy ContinueWhileAccept
            <AuthBy SQL>
            ...
            </AuthBy>
    </AuthBy>

and having 
DEFAULT Auth-Type=Ignore

in my users.adsl ... 

that way, authby file would trigger a return if the user is accepted or rejected,
and only continue on to authby sql if ignored.

Anyhow, to cut a long story short, it doesn't work... level 4 logs:

Mon Apr 29 17:37:22 2002: DEBUG: Packet dump:
*** Received from 210.15.210.5 port 36757 ....
Code:       Access-Request
Identifier: 51
Authentic:  1234567890123456
Attributes:
        User-Name = "trippinhard at adsl"
        Service-Type = Framed-User
        NAS-Identifier = "203.63.154.1"
        NAS-Port = 1234
        NAS-Port-Type = Async
        User-Password = "{<231><133>!<20>i<226><252><253><141><209><190>^?<227> "

Mon Apr 29 17:37:22 2002: DEBUG: Handling request with Handler 'Realm=adsl'
Mon Apr 29 17:37:22 2002: DEBUG: Rewrote user name to trippinhard
Mon Apr 29 17:37:22 2002: DEBUG:  Deleting session for trippinhard at adsl, 203.63.154.1, 1234
Mon Apr 29 17:37:22 2002: DEBUG: Handling with Radius::AuthGROUP
Mon Apr 29 17:37:22 2002: DEBUG: Handling with Radius::AuthRADIUS
Mon Apr 29 17:37:22 2002: DEBUG: Handling with Radius::AuthFILE:
Mon Apr 29 17:37:22 2002: DEBUG: Radius::AuthFILE looks for match with trippinhard
Mon Apr 29 17:37:22 2002: DEBUG: Radius::AuthFILE looks for match with DEFAULT
Mon Apr 29 17:37:22 2002: DEBUG: Radius::AuthFILE IGNORE: Ignored explicitly by Auth-Type=Ignore

it never gets to the AuthBy SQL even though the AuthBy FILE ignores it...

I've got this to work in the past, but in a very different manner (see
the config file I posted earlier today).. this is quite messy, and I'd
like to make it work this way. So if anyone can suggest how this can 
work... I'd love to hear from you :)

Thanks

Jeremy

-- 
Jeremy Burton
Database Administrator, Netspace Online Systems
jpburton at netspace.net.au
jpburton at thedonkeys.org
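
The following is an added example, not part of the original post and not Radiator code: a small Python model of AuthBy GROUP chaining that reproduces the logged behaviour (processing stops after AuthFILE returns IGNORE). It assumes a group applies one AuthByPolicy to all of its children, with the last policy line in the group taking effect; the nested-group layout and all function names are hypothetical.

```python
ACCEPT, REJECT, IGNORE = "ACCEPT", "REJECT", "IGNORE"

# Policy name -> predicate: keep going to the next AuthBy after this result?
POLICIES = {
    "ContinueWhileAccept": lambda r: r == ACCEPT,
    "ContinueWhileIgnore": lambda r: r == IGNORE,
}

def run_group(group, trace):
    """Evaluate a group under ONE policy (assumption). Children are either
    (name, result) leaves or nested group dicts. Appends leaf names to trace."""
    keep_going = POLICIES[group["policy"]]
    result = IGNORE
    for child in group["children"]:
        if isinstance(child, dict):
            result = run_group(child, trace)
        else:
            name, result = child
            trace.append(name)
        if not keep_going(result):
            break
    return result

def flat(file_result, sql_result):
    """The posted layout, modelled with the last policy line as group-wide."""
    trace = []
    group = {"policy": "ContinueWhileAccept",
             "children": [("RADIUS", ACCEPT),      # NoForwardAuthentication
                          ("FILE", file_result),
                          ("SQL", sql_result)]}
    return run_group(group, trace), trace

def nested(file_result, sql_result):
    """Hypothetical layout: FILE and SQL in an inner group with its own policy."""
    trace = []
    inner = {"policy": "ContinueWhileIgnore",
             "children": [("FILE", file_result), ("SQL", sql_result)]}
    outer = {"policy": "ContinueWhileAccept",
             "children": [("RADIUS", ACCEPT), inner]}
    return run_group(outer, trace), trace

if __name__ == "__main__":
    # Constructed results: FILE falls to DEFAULT Auth-Type=Ignore, SQL accepts.
    print("flat  :", flat(IGNORE, ACCEPT))
    print("nested:", nested(IGNORE, ACCEPT))
    # In the flat model a FILE accept still falls through to SQL.
    print("flat, FILE accepts, SQL rejects:", flat(ACCEPT, REJECT))
```

In this model the flat layout ends with IGNORE after FILE, as in the level 4 log, while the nested layout gives the three FILE scenarios listed in the post.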