(RADIATOR) Handling preauthentication

Claudio Lapidus c_lapidus at hotmail.com
Thu Sep 5 22:21:01 CDT 2002


Hello Hugh,

Yes, you are right. Your proposed solution matches my original description. 
Unfortunately then I omitted some details that make the whole thing a little 
bit complicated, like the possibility that a regular auth-req may have 
service type 5 too, because it is *really* asking for outbound service. So I 
definitely would go with your PreClientHook proposal, in this case. It seems 
far more flexible, from what I have seen so far.

Thanks once again for your continuing support.
cl.



>From: Hugh Irvine <hugh at open.com.au>
>To: "Claudio Lapidus" <c_lapidus at hotmail.com>
>CC: radiator at open.com.au
>Subject: Re: (RADIATOR) Handling preauthentication
>Date: Fri, 6 Sep 2002 10:41:42 +1000
>
>
>Hello Claudio -
>
>This is only for Service-Type = Outbound-User, which indicates 
>preauthentication according to your description.
>
>Your other normal Handlers would be used for everything else.
>
>Alternatively you could write a PreClientHook to do your checking and which 
>would add a pseudo-attribute to the request that you could then look for in 
>your special Handler.
>
>PreClientHook file:"%D/checkwhatever"
>
><Handler Special-Indicator = /...../>
>	.....
></Handler>
>
><Handler ....>
>	....
></Handler>
>
>.......
>
>
>
>
>On Friday, September 6, 2002, at 09:33 AM, Claudio Lapidus wrote:
>
>>Hello Hugh,
>>
>>>Why not use something like this:
>>>
>>><Handler User-Name = /^\d+$/, Service-Type = Outbound-User>
>>>	......
>>></Handler>
>>>
>>>which will match a User-Name that is all numbers as well as the 
>>>Service-Type.
>>
>>But then I would easily run into the wrong situation when faced with any 
>>username composed by all numbers. Being an access provider I have no 
>>control nor policy over the subscribers' usernames. That's why I'm after a 
>>more elaborate scheme. I have to insist in my original question: is there 
>>a way to specify dynamically (i.e. at runtime) Handler selection criteria?
>>
>>regards
>>cl.
>>
>>
>>
>>>regards
>>>
>>>Hugh
>>>
>>>
>>>On Thursday, September 5, 2002, at 04:04 PM, Claudio Lapidus wrote:
>>>
>>>>Hello,
>>>>
>>>>I'm trying to set up a handler to deal with dialup preauthentication. 
>>>>Here the distinctive feature (besides service type) is that the Username 
>>>>attrib has the same value as Called-Station-Id. Is it possible to do it 
>>>>with something like the construct below?
>>>>
>>>><Handler Called-Station-Id=%u,Service-Type=Outbound-User>
>>>>
>>>>In other words, it is possible to use special characters in a config 
>>>>directive this way? If the above is not possible, then how could it be 
>>>>done? Note that I don't necessarily know in advance the actual dialed 
>>>>number, but I only do know that it will be equal to the username.
>>>>
>>>>regards
>>>>cl.
>>>>
>>>>
>>>>
>>>>
>>>>_________________________________________________________________
>>>>MSN Photos is the easiest way to share and print your photos: 
>>>>http://photos.msn.com/support/worldwide.aspx
>>>>
>>>>===
>>>>Archive at http://www.open.com.au/archives/radiator/
>>>>Announcements on radiator-announce at open.com.au
>>>>To unsubscribe, email 'majordomo at open.com.au' with
>>>>'unsubscribe radiator' in the body of the message.
>>>>
>>>>
>>>
>>>--
>>>Radiator: the most portable, flexible and configurable RADIUS server
>>>anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
>>>-
>>>Nets: internetwork inventory and management - graphical, extensible,
>>>flexible with hardware, software, platform and database independence.
>>>
>>
>>
>>
>>
>>_________________________________________________________________
>>Chat with friends online, try MSN Messenger: http://messenger.msn.com
>>
>>
>
>--
>Radiator: the most portable, flexible and configurable RADIUS server
>anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
>-
>Nets: internetwork inventory and management - graphical, extensible,
>flexible with hardware, software, platform and database independence.




_________________________________________________________________
Chat with friends online, try MSN Messenger: http://messenger.msn.com

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list