(RADIATOR) more confusion ;-)
Hugh Irvine
hugh at open.com.au
Mon Apr 29 03:46:39 CDT 2002
Hello Jeremy -

Try something like this:

# define AuthBy clauses

<AuthBy RADIUS>
    Identifier ProxyAccounting
    NoForwardAuthentication
    Host somehost
    Secret XXXXXXXX
</AuthBy>

<AuthBy FILE>
    Identifier CheckFILE
    NoDefaultIfFound
    Filename %D/users.adsl
</AuthBy>

<AuthBy SQL>
    Identifier CheckSQL
    ...
</AuthBy>

<AuthBy GROUP>
    Identifier CheckUsers
    AuthByPolicy ContinueAlways
    AuthBy ProxyAccounting
    AuthBy CheckFILE
</AuthBy>

# define Realms or Handlers

<Handler ....>
    AuthBy CheckUsers
    .....
</Handler>

The file %D/users.adsl would contain something like this:

# %D/users.adsl

DEFAULT Auth-Type = CheckSQL

someuser ......
    .......

anotheruser .......
    .......
    ........

Note that you cannot change the AuthByPolicy in the middle of an AuthBy GROUP.

regards

Hugh

On Mon, 29 Apr 2002 17:42, Jeremy Burton wrote:
> Ok, more confusing stuff from me :)
>
> I have modified my config from before, in an attempt to make it neater..
> Basically, the gist is this:
>
> 3 AuthBys in a group.
>
> 1. Bounce the Accounting off to a different radius server. So ignore auth
> (which with the NoForwardAuthentication flag set, will by default accept).
>
> 2. Check in a file using an <AuthBy FILE></AuthBy>. 3 scenarios:
> i) If the user is found in the file, and check items match, just accept.
> ii) If the user is found in the file, and the check items don't match,
> just reject.
> iii) If the user is not found in the file, then proceed to the next AuthBy.
>
> 3. Use an <AuthBy SQL></AuthBy> to query the database for the user's data.
>
> The way I figured this would work is as follows:
>
> <AuthBy GROUP>
> AuthByPolicy ContinueWhileAccept
> <AuthBy RADIUS>
> NoForwardAuthentication
> Host somehost
> Secret XXXXXXXX
> </AuthBy>
> AuthByPolicy ContinueWhileIgnore
> <AuthBy FILE>
> NoDefaultIfFound
> Filename %D/users.adsl
> </AuthBy>
> AuthByPolicy ContinueWhileAccept
> <AuthBy SQL>
> ...
> </AuthBy>
> </AuthBy>
>
> and having
> DEFAULT Auth-Type=Ignore
>
> in my users.adsl ...
>
> that way, authby file would trigger return to user is accepted or rejected,
> and only continue onto authby sql if ignored.
>
> anyhow. to cut a long story short, it doesn't work... level 4 logs:
>
> Mon Apr 29 17:37:22 2002: DEBUG: Packet dump:
> *** Received from 210.15.210.5 port 36757 ....
> Code: Access-Request
> Identifier: 51
> Authentic: 1234567890123456
> Attributes:
> User-Name = "trippinhard at adsl"
> Service-Type = Framed-User
> NAS-Identifier = "203.63.154.1"
> NAS-Port = 1234
> NAS-Port-Type = Async
> User-Password =
> "{<231><133>!<20>i<226><252><253><141><209><190>^?<227> "
>
> Mon Apr 29 17:37:22 2002: DEBUG: Handling request with Handler 'Realm=adsl'
> Mon Apr 29 17:37:22 2002: DEBUG: Rewrote user name to trippinhard
> Mon Apr 29 17:37:22 2002: DEBUG: Deleting session for trippinhard at adsl,
> 203.63.154.1, 1234
> Mon Apr 29 17:37:22 2002: DEBUG: Handling with Radius::AuthGROUP
> Mon Apr 29 17:37:22 2002: DEBUG: Handling with Radius::AuthRADIUS
> Mon Apr 29 17:37:22 2002: DEBUG: Handling with Radius::AuthFILE:
> Mon Apr 29 17:37:22 2002: DEBUG: Radius::AuthFILE looks for match with
> trippinhard
> Mon Apr 29 17:37:22 2002: DEBUG: Radius::AuthFILE looks for match with
> DEFAULT
> Mon Apr 29 17:37:22 2002: DEBUG: Radius::AuthFILE IGNORE: Ignored
> explicitly by Auth-Type=Ignore
>
> it never gets to the AuthBy SQL even though the AuthBy FILE ignores it...
>
> I've got this to work in the past, but in a very different manner (see
> the config file I posted earlier today).. this is quite messy, and I'd
> like to make it work this way. So if anyone can suggest how this can
> work... I'd love to hear from you :)
>
> Thanks
>
> Jeremy
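
The two configurations in this thread, traced through a simplified model of AuthBy GROUP chaining. This is an added example, not code from the original post or from Radiator itself. The user tables and passwords are constructed, the accept result for the accounting proxy follows the description in the question, and the model assumes the group in the question ran under ContinueWhileAccept, which is consistent with the quoted log.

```python
# Simplified model of AuthBy GROUP chaining; an illustration, not Radiator's code.
ACCEPT, REJECT, IGNORE = "ACCEPT", "REJECT", "IGNORE"
FILE_USERS = {"someuser": "filepw"}      # constructed users.adsl entries
SQL_USERS = {"trippinhard": "sqlpw"}     # constructed database rows

def keep_going(policy, result):
    # One AuthByPolicy applies to the whole group; it cannot change mid-group.
    if policy == "ContinueAlways":
        return True
    mode, target = policy[8:13], policy[13:].upper()   # e.g. "While", "ACCEPT"
    return result == target if mode == "While" else result != target

def check_sql(user, pw, trace):
    trace.append("SQL")
    return ACCEPT if SQL_USERS.get(user) == pw else REJECT

def proxy_accounting(user, pw, trace):
    # Assumption from the question: NoForwardAuthentication accepts Access-Requests.
    trace.append("RADIUS")
    return ACCEPT

def make_file(default_auth_type):
    """AuthBy FILE with NoDefaultIfFound and a DEFAULT Auth-Type entry."""
    def check_file(user, pw, trace):
        trace.append("FILE")
        if user in FILE_USERS:           # found: DEFAULT is never consulted
            return ACCEPT if FILE_USERS[user] == pw else REJECT
        if default_auth_type == "CheckSQL":
            return check_sql(user, pw, trace)   # DEFAULT hands off to CheckSQL
        return IGNORE                    # DEFAULT Auth-Type = Ignore
    return check_file

def run_group(policy, modules, user, pw):
    """Return (final result, modules consulted in order)."""
    result, trace = IGNORE, []
    for module in modules:
        result = module(user, pw, trace)
        if not keep_going(policy, result):
            break
    return result, trace

def original_config(user, pw):           # the group from the question
    return run_group("ContinueWhileAccept",
                     [proxy_accounting, make_file("Ignore"), check_sql], user, pw)

def suggested_config(user, pw):          # the group from the reply
    return run_group("ContinueAlways",
                     [proxy_accounting, make_file("CheckSQL")], user, pw)

if __name__ == "__main__":
    print(original_config("trippinhard", "sqlpw"), suggested_config("trippinhard", "sqlpw"))
```

In the model, the original group stops at FILE with an ignore, matching the log, while the suggested group reaches SQL only through the DEFAULT entry, so a user listed in the file with a wrong check item is rejected without SQL being consulted.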