(RADIATOR) %{Handler:name}

Mariano Absatz radiator at lists.com.ar
Thu Sep 12 08:30:23 CDT 2002


On 10 Sep 2002 at 9:27, Hugh Irvine wrote:

> 
> Hello Mariano -
> 
> The way that Radiator is designed allows you to specify a single AuthBy 
> clause and call it from multiple Handlers, using special characters for 
> the parameters, rather than specifying many different AuthBy clauses. 
> The special characters most often used are GlobalVars that have been 
> defined in the configuration file itself, or passed in from the command 
> line.
But how could I parametrize them on a handler by handler basis within the 
same config file...

As far as I see, the "AuthBy <Identifier-name>" doesn't allow any parameters 
to be passed from the <Handler> to the <AuthBy>... or does it?

What else (besides "Identifier") can I use in a %{Handler:name} within an 
AuthBy?

What is the "scope" of GlobalVar and when are they set?

That is, if I have the following:
======================================================
<Handler xxxx>
	Identifier foo
	DefineFormattedGlobalVar host abc
	AuthBy MyAuthby
</Handler>

<Handler yyyy>
	Identifier bar
	DefineFormattedGlobalVar host xyz
	AuthBy MyAuthby
</Handler>

<AuthBy Radius>
	Identifier MyAuthby
	Host %{GlobalVar:host}
</AuthBy>
======================================================
Will it proxy to host abc if it comes from handler xxxx and to host xyz if it 
comes from handler yyyy?

> 
> Note that for proxy radius targets, Radiator now supports the AuthBy 
> SQLRADIUS clause that allows you to maintain your target hosts in an SQL 
> database.
> 
> regards
> 
> Hugh
> 
> 
> On Tuesday, September 10, 2002, at 06:16 AM, Mariano Absatz wrote:
> 
> > On 6 Sep 2002 at 9:42, Hugh Irvine wrote:
> >
> >>
> >> Hello Mariano -
> >>
> >> I'm afraid I don't quite understand what you are wanting to do.
> >>
> >> Could you give me a bit more detail?
> > Yup.
> >
> > I'm trying to generalize the way I write very similar proxies where maybe
> > the only thing that changes is the proxied hosts/ports and where I log
> > accounting failures...
> >
> > Since this stuff goes in a different <AuthBy Radius> (or <AuthBy LOADBALANCE>
> > for that matter), I want to name (via "Identifier") each AuthBy and be able
> > to recall that name within the AuthBy...
> >
> > In the manual (http://www.open.com.au/radiator/ref.html#pgfId=291148) I see
> > that I can find out which client triggered a clause (%{Client:name}) and
> > which handler did so (%{Handler:name}), but I might have several clients and
> > several handlers going to the same AuthBy and the AuthBy itself would be the
> > selector.
> >
> > Let's go by example...
> >
> > Suppose I currently have the following in my config file:
> >
> > =======================START OF (portion of) RADIUS.CFG======================
> > <AuthBy LOADBALANCE>
> > 	Identifier Kind01
> >
> > 	Retries 1
> > 	<Host 22.33.44.55>
> > 		Secret aaaa
> > 		AuthPort 1111
> > 		AcctPort 2222
> > 	</Host>
> > 	<Host 22.33.44.66>
> > 		Secret asdf
> > 		AuthPort 2321
> > 		AcctPort 1234
> > 	</Host>
> >
> > 	AcctFailedLogFileName %L/ACCT-LOST/Kind01/%Y-%m-%d.log
> > </AuthBy>
> >
> > <AuthBy LOADBALANCE>
> > 	Identifier Kind02
> >
> > 	Retries 3
> > 	<Host 22.33.44.55>
> > 		Secret bbbb
> > 		AuthPort 2231
> > 		AcctPort 2311
> > 	</Host>
> > 	<Host 22.33.44.66>
> > 		Secret qwert
> > 		AuthPort 3333
> > 		AcctPort 4444
> > 	</Host>
> >
> > 	AcctFailedLogFileName %L/ACCT-LOST/Kind02/%Y-%m-%d.log
> > </AuthBy>
> > ========================END OF (portion of) RADIUS.CFG=======================
> >
> >
> >
> >
> >
> > I would like to change this to:
> >
> >
> > ======================START OF (portion of) NEWRADIUS.CFG====================
> > <AuthBy LOADBALANCE>
> > 	Identifier Kind01
> >
> > 	include %D/Retries%{AuthName:Identifier}.cfg
> > 	include %D/Hosts%{AuthName:Identifier}.cfg
> >
> > 	AcctFailedLogFileName %L/ACCT-LOST/%{AuthName:Identifier}/%Y-%m-%d.log
> > </AuthBy>
> >
> > <AuthBy LOADBALANCE>
> > 	Identifier Kind02
> >
> > 	include %D/Retries%{AuthName:Identifier}.cfg
> > 	include %D/Hosts%{AuthName:Identifier}.cfg
> >
> > 	AcctFailedLogFileName %L/ACCT-LOST/%{AuthName:Identifier}/%Y-%m-%d.log
> > </AuthBy>
> > =======================END OF (portion of) NEWRADIUS.CFG=====================
> >
> > ======================START OF RetriesKind01.cfg====================
> > Retries 1
> > =======================END OF RetriesKind01.cfg=====================
> >
> > ======================START OF HostsKind01.cfg====================
> > <Host 22.33.44.55>
> > 	Secret aaaa
> > 	AuthPort 1111
> > 	AcctPort 2222
> > </Host>
> > <Host 22.33.44.66>
> > 	Secret asdf
> > 	AuthPort 2321
> > 	AcctPort 1234
> > </Host>
> > =======================END OF HostsKind01.cfg=====================
> >
> > ======================START OF RetriesKind02.cfg====================
> > Retries 3
> > =======================END OF RetriesKind02.cfg=====================
> >
> > ======================START OF HostsKind02.cfg====================
> > <Host 22.33.44.55>
> > 	Secret bbbb
> > 	AuthPort 2231
> > 	AcctPort 2311
> > </Host>
> > <Host 22.33.44.66>
> > 	Secret qwert
> > 	AuthPort 3333
> > 	AcctPort 4444
> > </Host>
> > =======================END OF HostsKind02.cfg=====================
> >
> >
> >
> > Although this leads to a profusion of files, they are all parsed at startup
> > and this allows me to modify things on a per AuthBy basis and keep it
> > clean... Maybe give some people the possibility to edit some files and other
> > people to edit other files...
> >
> > I might be dumb or crazy... but this kind of thing helped me a lot in the
> > past for keeping config files clean and ordered...
> >
> >>
> >> thanks
> >>
> >> Hugh
> >>
> >>
> >> On Friday, September 6, 2002, at 07:26 AM, Mariano Absatz wrote:
> >>
> >>> Hi Hugh, long time no see...
> >>>
> >>> I'm planning an installation with a bunch of front-end Radiator proxies
> >>> (using <AuthBy LOADBALANCE>) to an(other) bunch of Radiator back-end
> >>> servers that do the actual authentication against SQL servers.
> >>>
> >>> Now, the front-end farm has the "dispatching" intelligence and the
> >>> back-end, the authentication intelligence...
> >>>
> >>> By "dispatching" I mean:
> >>> "if it comes from such and such a NAS authenticate using one of these
> >>> back-end servers"
> >>> "if the realm matches xxx authenticate against this bunch of back-ends"
> >>> etc...
> >>>
> >>> I'm trying to generalize as much as possible and want to have short and
> >>> easily maintainable config files, so I'm doing a bunch of identified
> >>> AuthBy's like this:
> >>>
> >>> <AuthBy LOADBALANCE>
> >>> 	Identifier Kind01
> >>>
> >>> 	include %{GlobalVar:ConfigDir}/RetriesKind01.cfg
> >>> 	include %{GlobalVar:ConfigDir}/HostsKind01.cfg
> >>>
> >>> 	AcctFailedLogFileName %L/ACCT-LOST/Kind01/%Y-%m-%d.log
> >>> </AuthBy>
> >>>
> >>> This would be the AuthBy to use for the "Kind01" kind of handlers...
> >>>
> >>> Is there a way to have a "per AuthBy" special that has the "AuthBy"
> >>> Identifier? That is... a kind of "%{LocalVar:xxxx}" where the locality is
> >>> wrt the AuthBy...
> >>>
> >>> Would %{Handler:Identifier} do that? Or would that give me the Identifier
> >>> of the Handler that called this AuthBy?
> >>>
> >>> Otherwise, would something along the lines of this work?:
> >>>
> >>> <AuthBy LOADBALANCE>
> >>> 	DefineFormattedGlobalVar KIND Kind01
> >>> 	Identifier %{GlobalVar:KIND}
> >>>
> >>> 	include %{GlobalVar:ConfigDir}/Retries%{GlobalVar:KIND}.cfg
> >>> 	include %{GlobalVar:ConfigDir}/Hosts%{GlobalVar:KIND}.cfg
> >>>
> >>> 	AcctFailedLogFileName %L/ACCT-LOST/%{GlobalVar:KIND}/%Y-%m-%d.log
> >>> </AuthBy>
> >>>
> >>> <AuthBy LOADBALANCE>
> >>> 	DefineFormattedGlobalVar KIND Kind02
> >>> 	Identifier %{GlobalVar:KIND}
> >>>
> >>> 	include %{GlobalVar:ConfigDir}/Retries%{GlobalVar:KIND}.cfg
> >>> 	include %{GlobalVar:ConfigDir}/Hosts%{GlobalVar:KIND}.cfg
> >>>
> >>> 	AcctFailedLogFileName %L/ACCT-LOST/%{GlobalVar:KIND}/%Y-%m-%d.log
> >>> </AuthBy>
> >>>
> >>>
> >>> TIA.
> >>>
> >>>
> >>> --
> >>> Mariano Absatz
> >>> El Baby
> >>> ----------------------------------------------------------
> >>> It said, "Insert disk #3," but only two will fit!
> >>>
> >>>
> >>> ===
> >>> Archive at http://www.open.com.au/archives/radiator/
> >>> Announcements on radiator-announce at open.com.au
> >>> To unsubscribe, email 'majordomo at open.com.au' with
> >>> 'unsubscribe radiator' in the body of the message.
> >>>
> >>>
> >>
> >> --
> >> Radiator: the most portable, flexible and configurable RADIUS server
> >> anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> >> -
> >> Nets: internetwork inventory and management - graphical, extensible,
> >> flexible with hardware, software, platform and database independence.
> >
> >
> 


--
Mariano Absatz
El Baby
----------------------------------------------------------
Errors have been made. Others will be blamed.
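
Added example, not part of the original thread and not Radiator code: one way to get the per-Kind layout discussed above without depending on any special character inside the AuthBy is to generate the clauses from a table before the server starts. The function names, the table shape and the identifier/host validation rules are assumptions made for this sketch; the sample values are the ones quoted in the thread.

```python
import re

# Constructed table mirroring the Kind01/Kind02 values quoted in the thread.
KINDS = {
    "Kind01": {"retries": 1, "hosts": [("22.33.44.55", "aaaa", 1111, 2222),
                                       ("22.33.44.66", "asdf", 2321, 1234)]},
    "Kind02": {"retries": 3, "hosts": [("22.33.44.55", "bbbb", 2231, 2311),
                                       ("22.33.44.66", "qwert", 3333, 4444)]},
}

# Assumed rule: the identifier becomes a directory name under %L/ACCT-LOST/,
# so accept a single plain path component only (no "/", no "..").
SAFE_ID = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]{0,31}")
SAFE_HOST = re.compile(r"[A-Za-z0-9.:-]+")


def render_authby(ident, retries, hosts):
    """Return one <AuthBy LOADBALANCE> clause, refusing unsafe field values."""
    if not SAFE_ID.fullmatch(ident):
        raise ValueError(f"unsafe identifier: {ident!r}")
    if not hosts:
        raise ValueError(f"{ident}: at least one <Host> is required")
    out = ["<AuthBy LOADBALANCE>", f"\tIdentifier {ident}", "",
           f"\tRetries {int(retries)}"]
    for addr, secret, auth_port, acct_port in hosts:
        if not SAFE_HOST.fullmatch(addr):
            raise ValueError(f"{ident}: bad host {addr!r}")
        # A newline in the secret would smuggle extra lines into the config.
        if not secret or "\n" in secret or "\r" in secret:
            raise ValueError(f"{ident}: empty or multi-line Secret for {addr}")
        for port in (auth_port, acct_port):
            if not 0 < int(port) < 65536:
                raise ValueError(f"{ident}: bad port {port!r} for {addr}")
        out += [f"\t<Host {addr}>", f"\t\tSecret {secret}",
                f"\t\tAuthPort {int(auth_port)}",
                f"\t\tAcctPort {int(acct_port)}", "\t</Host>"]
    out += ["", f"\tAcctFailedLogFileName %L/ACCT-LOST/{ident}/%Y-%m-%d.log",
            "</AuthBy>"]
    return "\n".join(out)


def render_config(kinds):
    """Render every kind, sorted by identifier, as one config fragment."""
    return "\n\n".join(render_authby(name, kind["retries"], kind["hosts"])
                       for name, kind in sorted(kinds.items()))


if __name__ == "__main__":
    print(render_config(KINDS))
```

The generated fragment contains shared secrets, so it needs the same file permissions as the main configuration file.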

