(RADIATOR) %{Handler:name}
Mariano Absatz
radiator at lists.com.ar
Thu Sep 12 08:30:23 CDT 2002
El 10 Sep 2002 a las 9:27, Hugh Irvine escribió:
>
> Hello Mariano -
>
> The way that Radiator is designed allows you to specify a single AuthBy
> clause and call it from multiple Handlers, using special characters for
> the parameters, rather than specifying many different AuthBy clauses.
> The special characters most often used are GlobalVars that have been
> defined in the configuration file itself, or passed in from the command
> line.
But how could I parametrize them on a handler by handler basis within the
same config file...
As far as I see, the "AuthBy <Identifier-name>" doesn't allow any parameters
to be passed from the <Handler> to the <AuthBy>... or does it?
What else (besides "Identifier") can I use in a %{Handler:name} within an
AuthBy?
What is the "scope" of GlobalVar and when are they set?
That is, if I have the following:
======================================================
<Handler xxxx>
Identifier foo
DefineFormattedGlobalVar host abc
AuthBy MyAuthby
</Handler>
<Handler yyyy>
Identifier bar
DefineFormattedGlobalVar host xyz
AuthBy MyAuthby
</Handler>
<AuthBy Radius>
Identifier MyAuthby
Host %{GlobalVar:host}
</AuthBy>
======================================================
Will it proxy to host abc if it comes from handler xxxx and to host xyz if it
comes from handler yyyy?
>
> Note that for proxy radius targets, Radiator now supports the AuthBy
> SQLRADIUS clause that allows you to maintain your target hosts in an SQL
> database.
>
> regards
>
> Hugh
>
>
> On Tuesday, September 10, 2002, at 06:16 AM, Mariano Absatz wrote:
>
> > El 6 Sep 2002 a las 9:42, Hugh Irvine escribió:
> >
> >>
> >> Hello Mariano -
> >>
> >> I'm afraid I dont quite understand what you are wanting to do.
> >>
> >> Could you give me a bit more detail?
> > Yup.
> >
> > I'm trying to generalize the way I write very similar proxies where
> > maybe the only thing that
> > changes is the proxied hosts/ports and where I log accounting
> > failures...
> >
> > Since this stuff goes in a different <AuthBy Radius> (or <AuthBy
> > LOADBALANCE> for that
> > matter), I want to name (via "Identifier") each AuthBy and be able to
> > recall that name within
> > the AuthBy...
> >
> > In the manual (http://www.open.com.au/radiator/ref.html#pgfId=291148) I
> > see that I can find
> > out which client triggered a clause (%{Client:name}) and which handler
> > did so
> > (%{Handler:name}), but I might have several clients and several
> > handlers going to the same
> > AuthBy and the AuthBy itself would be the selector.
> >
> > Let's go by example...
> >
> > Suppose I currently have the following in my config file:
> >
> > =======================START OF (portion of)
> > RADIUS.CFG======================
> > <AuthBy LOADBALANCE>
> > Identifier Kind01
> >
> > Retries 1
> > <Host 22.33.44.55>
> > Secret aaaa
> > AuthPort 1111
> > AcctPort 2222
> > </Host>
> > <Host 22.33.44.66>
> > Secret asdf
> > AuthPort 2321
> > AcctPort 1234
> > </Host>
> >
> > AcctFailedLogFileName %L/ACCT-LOST/Kind01/%Y-%m-%d.log
> > </AuthBy>
> >
> > <AuthBy LOADBALANCE>
> > Identifier Kind02
> >
> > Retries 3
> > <Host 22.33.44.55>
> > Secret bbbb
> > AuthPort 2231
> > AcctPort 2311
> > </Host>
> > <Host 22.33.44.66>
> > Secret qwert
> > AuthPort 3333
> > AcctPort 4444
> > </Host>
> >
> > AcctFailedLogFileName %L/ACCT-LOST/Kind02/%Y-%m-%d.log
> > </AuthBy>
> > ========================END OF (portion of)
> > RADIUS.CFG=======================
> >
> >
> >
> >
> >
> > I would like to change this to:
> >
> >
> > ======================START OF (portion of)
> > NEWRADIUS.CFG====================
> > <AuthBy LOADBALANCE>
> > Identifier Kind01
> >
> > include %D/Retries%{AuthName:Identifier}.cfg
> > include %D/Hosts%{AuthName:Identifier}.cfg
> >
> > AcctFailedLogFileName %L/ACCT-LOST/%{AuthName:Identifier}/%Y-%m-%d.log
> > </AuthBy>
> >
> > <AuthBy LOADBALANCE>
> > Identifier Kind02
> >
> > include %D/Retries%{AuthName:Identifier}.cfg
> > include %D/Hosts%{AuthName:Identifier}.cfg
> >
> > AcctFailedLogFileName %L/ACCT-LOST/%{AuthName:Identifier}/%Y-%m-%d.log
> > </AuthBy>
> > =======================END OF (portion of)
> > NEWRADIUS.CFG=====================
> >
> > ======================START OF RetriesKind01.cfg====================
> > Retries 1
> > =======================END OF RetriesKind01.cfg=====================
> >
> > ======================START OF HostsKind01.cfg====================
> > <Host 22.33.44.55>
> > Secret aaaa
> > AuthPort 1111
> > AcctPort 2222
> > </Host>
> > <Host 22.33.44.66>
> > Secret asdf
> > AuthPort 2321
> > AcctPort 1234
> > </Host>
> > =======================END OF HostsKind01.cfg=====================
> >
> > ======================START OF RetriesKind02.cfg====================
> > Retries 3
> > =======================END OF RetriesKind02.cfg=====================
> >
> > ======================START OF HostsKind02.cfg====================
> > <Host 22.33.44.55>
> > Secret bbbb
> > AuthPort 2231
> > AcctPort 2311
> > </Host>
> > <Host 22.33.44.66>
> > Secret qwert
> > AuthPort 3333
> > AcctPort 4444
> > </Host>
> > =======================END OF HostsKind02.cfg=====================
> >
> >
> >
> > Although this leads to a profussion of files, they are all parsed at
> > startup and this allows
> > me to modify things on a per AuthBy basis and keep it clean... Maybe
> > give some people the
> > possibility to edit some files and other people to edit other files...
> >
> > I might be dumb or crazy... but this kind of things helped me a lot in
> > the past for keeping
> > config files clean and ordered...
> >
> >>
> >> thanks
> >>
> >> Hugh
> >>
> >>
> >> On Friday, September 6, 2002, at 07:26 AM, Mariano Absatz wrote:
> >>
> >>> Hi Hugh, long time no see...
> >>>
> >>> I'm planning an installation with a bunch of front-end Radiator
> >>> proxies
> >>> (using <AuthBy LOADBALANCE>) to an(other) bunch of Radiator back-end
> >>> servers
> >>> that do the actual authentication against SQL servers.
> >>>
> >>> Now, the front-end farm has the "dispatching" intelligence and the
> >>> back-end,
> >>> the authentication intelligence...
> >>>
> >>> By "dispatching" I mean:
> >>> "if it comes from such and such a NAS authenticate using of these
> >>> back-end
> >>> servers"
> >>> "if the realm matches xxx authenticate against these bunch of
> >>> back-ends"
> >>> etc...
> >>>
> >>> I'm trying to generalize as much as possible and want to have short
> >>> and
> >>> easily manteinable config files, so I'm doing a bunch of identfied
> >>> AuthBy's
> >>> like this:
> >>>
> >>> <AuthBy LOADBALANCE>
> >>> Identifier Kind01
> >>>
> >>> include %{GlobalVar:ConfigDir}/RetriesKind01.cfg
> >>> include %{GlobalVar:ConfigDir}/HostsKind01.cfg
> >>>
> >>> AcctFailedLogFileName %L/ACCT-LOST/Kind01/%Y-%m-%d.log
> >>> </AuthBy>
> >>>
> >>> This would be the AuthBy to use for the "Kind01" kind of handlers...
> >>>
> >>> Is there a way to have a "per AuthBy" special that has the "AuthBy"
> >>> Identfier? That is... a kind of "%{LocalVar:xxxx}" where the locality
> >>> is wrt
> >>> the AuthBy...
> >>>
> >>> Would %{Handler:Identifier} do that? or that would give me the
> >>> Identifier of
> >>> the Handler that called this AuthBy?
> >>>
> >>> Otherwise, would something along the lines of this work?:
> >>>
> >>> <AuthBy LOADBALANCE>
> >>> DefineFormattedGlobalVar KIND Kind01
> >>> Identifier %{GlobalVar:KIND}
> >>>
> >>> include %{GlobalVar:ConfigDir}/Retries%{GlobalVar:KIND}.cfg
> >>> include %{GlobalVar:ConfigDir}/Hosts%{GlobalVar:KIND}.cfg
> >>>
> >>> AcctFailedLogFileName %L/ACCT-LOST/%{GlobalVar:KIND}/%Y-%m-%d.log
> >>> </AuthBy>
> >>>
> >>> <AuthBy LOADBALANCE>
> >>> DefineFormattedGlobalVar KIND Kind02
> >>> Identifier %{GlobalVar:KIND}
> >>>
> >>> include %{GlobalVar:ConfigDir}/Retries%{GlobalVar:KIND}.cfg
> >>> include %{GlobalVar:ConfigDir}/Hosts%{GlobalVar:KIND}.cfg
> >>>
> >>> AcctFailedLogFileName %L/ACCT-LOST/%{GlobalVar:KIND}/%Y-%m-%d.log
> >>> </AuthBy>
> >>>
> >>>
> >>> TIA.
> >>>
> >>>
> >>> --
> >>> Mariano Absatz
> >>> El Baby
> >>> ----------------------------------------------------------
> >>> It said, "Insert disk #3," but only two will fit!
> >>>
> >>>
> >>> ===
> >>> Archive at http://www.open.com.au/archives/radiator/
> >>> Announcements on radiator-announce at open.com.au
> >>> To unsubscribe, email 'majordomo at open.com.au' with
> >>> 'unsubscribe radiator' in the body of the message.
> >>>
> >>>
> >>
> >> --
> >> Radiator: the most portable, flexible and configurable RADIUS server
> >> anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> >> -
> >> Nets: internetwork inventory and management - graphical, extensible,
> >> flexible with hardware, software, platform and database independence.
> >
> >
> > ===
> > Archive at http://www.open.com.au/archives/radiator/
> > Announcements on radiator-announce at open.com.au
> > To unsubscribe, email 'majordomo at open.com.au' with
> > 'unsubscribe radiator' in the body of the message.
> >
> >
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
--
Mariano Absatz
El Baby
----------------------------------------------------------
Errors have been made. Others will be blamed.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list