(RADIATOR) Continuous looping of Radiator after config change

Young, Tim Tim.Young at compuware.com
Tue Feb 19 11:39:19 CST 2002


Hugh,

Thanks for the quick response.

Let me apologize ahead of time for any rambling I do on this. It has been
many years since I have had to deal with this config and I have had many
different positions as well. (Some of them management, which may explain my
decreased technical skills.)

I will try and annotate the config file as best I can.

<snip>
Below is the pertinent Client portion of the config:
> # Client config for natasha
> <Client natasha.compuware.com>
> 	Secret blah6
> 	DefaultRealm vpn.compuware.com
> </Client>
<snip>
> <Realm vpn.compuware.com>
> #	<AuthBy FILE>
> #		Filename %D/VPN_User
> #		Nocache
> #		DynamicCheck Group
> #	</AuthBy>
> 	AuthByPolicy ContinueWhileAccept
	
We do the AuthByPolicy to make sure that both AuthBy SQL statements return
accepts before allowing access.

> 	<AuthBy SQL>
> 		DBSource dbi:mysql:serauser
> 		DBUsername radius
> 		DBAuth blah
> 		AuthSelect select password, 'Service-Type = Login-User, Auth-Type = System'  \
> 			from serauser where serauser='%u'

I am quite clear on this but I believe we needed to return not only the
password but the two attached attributes in order for the authentication
process through the (Isolation System InfoCrypt server => Shiva VPN LanRover
gateway => Intel LanRover Gateway) to work correctly. The VPN product has,
as noted above, gone through several owners since our initial configuration.
The password is stored encrypted in the SQL server.

> 		EncryptedPassword
> 	</AuthBy>
> 	<AuthBy SQL>
> #		DynamicCheck Group
> 		DBSource dbi:mysql:serauser
> 		DBUsername radius
> 		DBAuth blah
> 		AuthSelect select seragroup from seragroup where serauser='%u' and seragroup = '%{Shiva-VPN-Group}'

This AuthSelect checks another table in the SQL server to verify that the
user is in a group that matches the "Shiva-VPN-Group" attribute that is
passed along with the authentication request. I remember working at length
with Mike on this. It is mentioned in the History notes for Rev 2.12.

> 		AuthColumnDef 0, Shiva-VPN-Group, check
> 	</AuthBy>
> 	AcctLogFileName %L/Natasha.%Y%m%d
> </Realm>
</snip>
</snip>

Hope this helps clear some things up about my problem.

Many thanks to Damir for his suggestion on how to prevent the looping from
happening. I have looked under the hood of Radiator, which is why I was
sooooo happy to convince my company to purchase it instead of many other
more expensive commercial versions out there.

Regards,

Tim Young
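
The two-stage check described in this message, modelled as an added example (not part of the original post and not Radiator's own code): both AuthBy SQL lookups must accept under ContinueWhileAccept. Assumptions: an in-memory SQLite database stands in for the MySQL source, a plain string compare stands in for the EncryptedPassword check, and the sample rows, function names and reject reason strings are constructed for illustration.

```python
import sqlite3

ACCEPT, REJECT = "ACCEPT", "REJECT"

def make_db():
    # Constructed sample rows; table and column names follow the quoted config.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        create table serauser (serauser text primary key, password text);
        create table seragroup (serauser text, seragroup text);
        insert into serauser values ('alice', 'pw-a'), ('bob', 'pw-b');
        insert into seragroup values ('alice', 'engineering');
    """)
    return db

def check_password(db, req):
    # First AuthBy SQL. Assumption: a plain string compare stands in for the
    # EncryptedPassword comparison; bound parameters replace '%u'.
    row = db.execute("select password from serauser where serauser = ?",
                     (req["User-Name"],)).fetchone()
    if row is None:
        return REJECT, "No such user"
    if row[0] != req["User-Password"]:
        return REJECT, "Bad password"
    return ACCEPT, ""

def check_group(db, req):
    # Second AuthBy SQL: a row exists only if the user belongs to the group
    # named in the request's Shiva-VPN-Group attribute.
    group = req.get("Shiva-VPN-Group", "")
    row = db.execute("select seragroup from seragroup "
                     "where serauser = ? and seragroup = ?",
                     (req["User-Name"], group)).fetchone()
    if row is None:
        return REJECT, "No such user"
    # AuthColumnDef 0, Shiva-VPN-Group, check: column 0 must match the request.
    if row[0] != group:
        return REJECT, "Check item Shiva-VPN-Group mismatch"
    return ACCEPT, ""

def continue_while_accept(db, req, stages=(check_password, check_group)):
    # AuthByPolicy ContinueWhileAccept: run each AuthBy in order and stop at the
    # first one that does not accept, so every stage must accept.
    result = (REJECT, "No AuthBy configured")
    for stage in stages:
        result = stage(db, req)
        if result[0] != ACCEPT:
            break
    return result
```

A user with a valid password but no matching row in seragroup is rejected by the second stage, which is the behaviour the policy is there to enforce.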