(RADIATOR) %{Handler:name}
Hugh Irvine
hugh at open.com.au
Mon Sep 9 18:27:12 CDT 2002
Hello Mariano -
The way that Radiator is designed allows you to specify a single AuthBy
clause and call it from multiple Handlers, using special characters for
the parameters, rather than specifying many different AuthBy clauses.
The special characters most often used are GlobalVars that have been
defined in the configuration file itself, or passed in from the command
line.
Note that for proxy radius targets, Radiator now supports the AuthBy
SQLRADIUS clause that allows you to maintain your target hosts in an SQL
database.
regards
Hugh
On Tuesday, September 10, 2002, at 06:16 AM, Mariano Absatz wrote:
> El 6 Sep 2002 a las 9:42, Hugh Irvine escribió:
>
>>
>> Hello Mariano -
>>
>> I'm afraid I dont quite understand what you are wanting to do.
>>
>> Could you give me a bit more detail?
> Yup.
>
> I'm trying to generalize the way I write very similar proxies where
> maybe the only thing that
> changes is the proxied hosts/ports and where I log accounting
> failures...
>
> Since this stuff goes in a different <AuthBy Radius> (or <AuthBy
> LOADBALANCE> for that
> matter), I want to name (via "Identifier") each AuthBy and be able to
> recall that name within
> the AuthBy...
>
> In the manual (http://www.open.com.au/radiator/ref.html#pgfId=291148) I
> see that I can find
> out which client triggered a clause (%{Client:name}) and which handler
> did so
> (%{Handler:name}), but I might have several clients and several
> handlers going to the same
> AuthBy and the AuthBy itself would be the selector.
>
> Let's go by example...
>
> Suppose I currently have the following in my config file:
>
> =======================START OF (portion of)
> RADIUS.CFG======================
> <AuthBy LOADBALANCE>
> Identifier Kind01
>
> Retries 1
> <Host 22.33.44.55>
> Secret aaaa
> AuthPort 1111
> AcctPort 2222
> </Host>
> <Host 22.33.44.66>
> Secret asdf
> AuthPort 2321
> AcctPort 1234
> </Host>
>
> AcctFailedLogFileName %L/ACCT-LOST/Kind01/%Y-%m-%d.log
> </AuthBy>
>
> <AuthBy LOADBALANCE>
> Identifier Kind02
>
> Retries 3
> <Host 22.33.44.55>
> Secret bbbb
> AuthPort 2231
> AcctPort 2311
> </Host>
> <Host 22.33.44.66>
> Secret qwert
> AuthPort 3333
> AcctPort 4444
> </Host>
>
> AcctFailedLogFileName %L/ACCT-LOST/Kind02/%Y-%m-%d.log
> </AuthBy>
> ========================END OF (portion of)
> RADIUS.CFG=======================
>
>
>
>
>
> I would like to change this to:
>
>
> ======================START OF (portion of)
> NEWRADIUS.CFG====================
> <AuthBy LOADBALANCE>
> Identifier Kind01
>
> include %D/Retries%{AuthName:Identifier}.cfg
> include %D/Hosts%{AuthName:Identifier}.cfg
>
> AcctFailedLogFileName %L/ACCT-LOST/%{AuthName:Identifier}/%Y-%m-%d.log
> </AuthBy>
>
> <AuthBy LOADBALANCE>
> Identifier Kind02
>
> include %D/Retries%{AuthName:Identifier}.cfg
> include %D/Hosts%{AuthName:Identifier}.cfg
>
> AcctFailedLogFileName %L/ACCT-LOST/%{AuthName:Identifier}/%Y-%m-%d.log
> </AuthBy>
> =======================END OF (portion of)
> NEWRADIUS.CFG=====================
>
> ======================START OF RetriesKind01.cfg====================
> Retries 1
> =======================END OF RetriesKind01.cfg=====================
>
> ======================START OF HostsKind01.cfg====================
> <Host 22.33.44.55>
> Secret aaaa
> AuthPort 1111
> AcctPort 2222
> </Host>
> <Host 22.33.44.66>
> Secret asdf
> AuthPort 2321
> AcctPort 1234
> </Host>
> =======================END OF HostsKind01.cfg=====================
>
> ======================START OF RetriesKind02.cfg====================
> Retries 3
> =======================END OF RetriesKind02.cfg=====================
>
> ======================START OF HostsKind02.cfg====================
> <Host 22.33.44.55>
> Secret bbbb
> AuthPort 2231
> AcctPort 2311
> </Host>
> <Host 22.33.44.66>
> Secret qwert
> AuthPort 3333
> AcctPort 4444
> </Host>
> =======================END OF HostsKind02.cfg=====================
>
>
>
> Although this leads to a profussion of files, they are all parsed at
> startup and this allows
> me to modify things on a per AuthBy basis and keep it clean... Maybe
> give some people the
> possibility to edit some files and other people to edit other files...
>
> I might be dumb or crazy... but this kind of things helped me a lot in
> the past for keeping
> config files clean and ordered...
>
>>
>> thanks
>>
>> Hugh
>>
>>
>> On Friday, September 6, 2002, at 07:26 AM, Mariano Absatz wrote:
>>
>>> Hi Hugh, long time no see...
>>>
>>> I'm planning an installation with a bunch of front-end Radiator
>>> proxies
>>> (using <AuthBy LOADBALANCE>) to an(other) bunch of Radiator back-end
>>> servers
>>> that do the actual authentication against SQL servers.
>>>
>>> Now, the front-end farm has the "dispatching" intelligence and the
>>> back-end,
>>> the authentication intelligence...
>>>
>>> By "dispatching" I mean:
>>> "if it comes from such and such a NAS authenticate using of these
>>> back-end
>>> servers"
>>> "if the realm matches xxx authenticate against these bunch of
>>> back-ends"
>>> etc...
>>>
>>> I'm trying to generalize as much as possible and want to have short
>>> and
>>> easily manteinable config files, so I'm doing a bunch of identfied
>>> AuthBy's
>>> like this:
>>>
>>> <AuthBy LOADBALANCE>
>>> Identifier Kind01
>>>
>>> include %{GlobalVar:ConfigDir}/RetriesKind01.cfg
>>> include %{GlobalVar:ConfigDir}/HostsKind01.cfg
>>>
>>> AcctFailedLogFileName %L/ACCT-LOST/Kind01/%Y-%m-%d.log
>>> </AuthBy>
>>>
>>> This would be the AuthBy to use for the "Kind01" kind of handlers...
>>>
>>> Is there a way to have a "per AuthBy" special that has the "AuthBy"
>>> Identfier? That is... a kind of "%{LocalVar:xxxx}" where the locality
>>> is wrt
>>> the AuthBy...
>>>
>>> Would %{Handler:Identifier} do that? or that would give me the
>>> Identifier of
>>> the Handler that called this AuthBy?
>>>
>>> Otherwise, would something along the lines of this work?:
>>>
>>> <AuthBy LOADBALANCE>
>>> DefineFormattedGlobalVar KIND Kind01
>>> Identifier %{GlobalVar:KIND}
>>>
>>> include %{GlobalVar:ConfigDir}/Retries%{GlobalVar:KIND}.cfg
>>> include %{GlobalVar:ConfigDir}/Hosts%{GlobalVar:KIND}.cfg
>>>
>>> AcctFailedLogFileName %L/ACCT-LOST/%{GlobalVar:KIND}/%Y-%m-%d.log
>>> </AuthBy>
>>>
>>> <AuthBy LOADBALANCE>
>>> DefineFormattedGlobalVar KIND Kind02
>>> Identifier %{GlobalVar:KIND}
>>>
>>> include %{GlobalVar:ConfigDir}/Retries%{GlobalVar:KIND}.cfg
>>> include %{GlobalVar:ConfigDir}/Hosts%{GlobalVar:KIND}.cfg
>>>
>>> AcctFailedLogFileName %L/ACCT-LOST/%{GlobalVar:KIND}/%Y-%m-%d.log
>>> </AuthBy>
>>>
>>>
>>> TIA.
>>>
>>>
>>> --
>>> Mariano Absatz
>>> El Baby
>>> ----------------------------------------------------------
>>> It said, "Insert disk #3," but only two will fit!
>>>
>>>
>>> ===
>>> Archive at http://www.open.com.au/archives/radiator/
>>> Announcements on radiator-announce at open.com.au
>>> To unsubscribe, email 'majordomo at open.com.au' with
>>> 'unsubscribe radiator' in the body of the message.
>>>
>>>
>>
>> --
>> Radiator: the most portable, flexible and configurable RADIUS server
>> anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
>> -
>> Nets: internetwork inventory and management - graphical, extensible,
>> flexible with hardware, software, platform and database independence.
>
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list