(RADIATOR) Getting rejection reason right...
Hugh Irvine
hugh at open.com.au
Tue Jan 1 20:18:40 CST 2002
Hello James -
On Wed, 2 Jan 2002 06:05, James Laszko wrote:
> We've got Radiator 2.19 installed using a Platypus SQL box for
> authentication. We have two handlers setup, one for usernames with
> realms, one for just plain usernames. In each handler, we check for
> authentication from the SQL box on the username and the username with
> the realm appended (by rewriting the username). Our AuthByPolicy is
> setup for ContinueUntilAccept.
>
> The problem I'm trying to resolve is this: If a user logs in as
> joeblow, gets checked to the SQl box as joeblow, gets a REJECT because
> of BAD PASSWORD, Radiator moves on and tries checking joeblow at realm and
> gets a REJECT because the user DOESN'T EXIST. The REJECT REASON given
> back to the NAS is that he doesn't exist, rather than bad password,
> which was the real problem...
>
> Is there a way to stop checking when there's a BAD PASSWORD vs. the user
> NOT EXISTING?
>
You should use an AuthByPolicy of ContinueWhileIgnore, so the first Accept or
Reject will cause the execution of the AuthBy clauses to stop.
>
> On a side note: When the user is authenticated successfully, are
> accounting records sent to the accounting server with the username
> originally passed by the NAS or the rewritten username that finally got
> an ACCEPT?
>
The NAS always sends the original username as entered by the user.
regards
Hugh
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list