(RADIATOR) %{Handler:name}

Hugh Irvine hugh at open.com.au
Thu Sep 12 17:35:15 CDT 2002


Hello Mariano -

As mentioned in my previous mail, the preferred way to deal with large
numbers of proxy targets is with the AuthBy SQLRADIUS clause.

Otherwise, if you want to do fancy things such as you show below, you 
should use a hook (examples in "goodies/hooks.txt"). And it would 
probably be best to set a pseudo-attribute in the request packet that 
would then be used in the AuthBy clause.

GlobalVars as the name implies are Global parameters that are set at the 
top level of the configuration file (or on the command line at run 
time). They should be used for static data only.

regards

Hugh


On Thursday, September 12, 2002, at 11:30 PM, Mariano Absatz wrote:

> On 10 Sep 2002 at 9:27, Hugh Irvine wrote:
>
>>
>> Hello Mariano -
>>
>> The way that Radiator is designed allows you to specify a single AuthBy
>> clause and call it from multiple Handlers, using special characters for
>> the parameters, rather than specifying many different AuthBy clauses.
>> The special characters most often used are GlobalVars that have been
>> defined in the configuration file itself, or passed in from the command
>> line.
> But how could I parametrize them on a handler by handler basis within
> the same config file...
>
> As far as I see, the "AuthBy <Identifier-name>" doesn't allow any
> parameters to be passed from the <Handler> to the <AuthBy>... or does it?
>
> What else (besides "Identifier") can I use in a %{Handler:name} within
> an AuthBy?
>
> What is the "scope" of GlobalVar and when are they set?
>
> That is, if I have the following:
> ======================================================
> <Handler xxxx>
> 	Identifier foo
> 	DefineFormattedGlobalVar host abc
> 	AuthBy MyAuthby
> </Handler>
>
> <Handler yyyy>
> 	Identifier bar
> 	DefineFormattedGlobalVar host xyz
> 	AuthBy MyAuthby
> </Handler>
>
> <AuthBy Radius>
> 	Identifier MyAuthby
> 	Host %{GlobalVar:host}
> </AuthBy>
> ======================================================
> Will it proxy to host abc if it comes from handler xxxx and to host xyz
> if it comes from handler yyyy?
>
>>
>> Note that for proxy radius targets, Radiator now supports the AuthBy
>> SQLRADIUS clause that allows you to maintain your target hosts in an
>> SQL database.
>>
>> regards
>>
>> Hugh
>>
>>
>> On Tuesday, September 10, 2002, at 06:16 AM, Mariano Absatz wrote:
>>
>>> On 6 Sep 2002 at 9:42, Hugh Irvine wrote:
>>>
>>>>
>>>> Hello Mariano -
>>>>
>>>> I'm afraid I don't quite understand what you are wanting to do.
>>>>
>>>> Could you give me a bit more detail?
>>> Yup.
>>>
>>> I'm trying to generalize the way I write very similar proxies where
>>> maybe the only thing that changes is the proxied hosts/ports and where
>>> I log accounting failures...
>>>
>>> Since this stuff goes in a different <AuthBy Radius> (or <AuthBy
>>> LOADBALANCE> for that matter), I want to name (via "Identifier") each
>>> AuthBy and be able to recall that name within the AuthBy...
>>>
>>> In the manual (http://www.open.com.au/radiator/ref.html#pgfId=291148)
>>> I see that I can find out which client triggered a clause
>>> (%{Client:name}) and which handler did so (%{Handler:name}), but I
>>> might have several clients and several handlers going to the same
>>> AuthBy and the AuthBy itself would be the selector.
>>>
>>> Let's go by example...
>>>
>>> Suppose I currently have the following in my config file:
>>>
>>> =======================START OF (portion of) RADIUS.CFG======================
>>> <AuthBy LOADBALANCE>
>>> 	Identifier Kind01
>>>
>>> 	Retries 1
>>>         <Host 22.33.44.55>
>>> 		Secret aaaa
>>> 		AuthPort 1111
>>> 		AcctPort 2222
>>> 	</Host>
>>> 	<Host 22.33.44.66>
>>> 		Secret asdf
>>> 		AuthPort 2321
>>> 		AcctPort 1234
>>> 	</Host>
>>>
>>> 	AcctFailedLogFileName %L/ACCT-LOST/Kind01/%Y-%m-%d.log
>>> </AuthBy>
>>>
>>> <AuthBy LOADBALANCE>
>>> 	Identifier Kind02
>>>
>>> 	Retries 3
>>>         <Host 22.33.44.55>
>>> 		Secret bbbb
>>> 		AuthPort 2231
>>> 		AcctPort 2311
>>> 	</Host>
>>> 	<Host 22.33.44.66>
>>> 		Secret qwert
>>> 		AuthPort 3333
>>> 		AcctPort 4444
>>> 	</Host>
>>>
>>> 	AcctFailedLogFileName %L/ACCT-LOST/Kind02/%Y-%m-%d.log
>>> </AuthBy>
>>> ========================END OF (portion of) RADIUS.CFG=======================
>>>
>>>
>>>
>>>
>>>
>>> I would like to change this to:
>>>
>>>
>>> ======================START OF (portion of) NEWRADIUS.CFG====================
>>> <AuthBy LOADBALANCE>
>>> 	Identifier Kind01
>>>
>>> 	include %D/Retries%{AuthName:Identifier}.cfg
>>> 	include %D/Hosts%{AuthName:Identifier}.cfg
>>>
>>> 	AcctFailedLogFileName %L/ACCT-LOST/%{AuthName:Identifier}/%Y-%m-%d.log
>>> </AuthBy>
>>>
>>> <AuthBy LOADBALANCE>
>>> 	Identifier Kind02
>>>
>>> 	include %D/Retries%{AuthName:Identifier}.cfg
>>> 	include %D/Hosts%{AuthName:Identifier}.cfg
>>>
>>> 	AcctFailedLogFileName %L/ACCT-LOST/%{AuthName:Identifier}/%Y-%m-%d.log
>>> </AuthBy>
>>> =======================END OF (portion of) NEWRADIUS.CFG=====================
>>>
>>> ======================START OF RetriesKind01.cfg====================
>>> Retries 1
>>> =======================END OF RetriesKind01.cfg=====================
>>>
>>> ======================START OF HostsKind01.cfg====================
>>> <Host 22.33.44.55>
>>> 	Secret aaaa
>>> 	AuthPort 1111
>>> 	AcctPort 2222
>>> </Host>
>>> <Host 22.33.44.66>
>>> 	Secret asdf
>>> 	AuthPort 2321
>>> 	AcctPort 1234
>>> </Host>
>>> =======================END OF HostsKind01.cfg=====================
>>>
>>> ======================START OF RetriesKind02.cfg====================
>>> Retries 3
>>> =======================END OF RetriesKind02.cfg=====================
>>>
>>> ======================START OF HostsKind02.cfg====================
>>> <Host 22.33.44.55>
>>> 	Secret bbbb
>>> 	AuthPort 2231
>>> 	AcctPort 2311
>>> </Host>
>>> <Host 22.33.44.66>
>>> 	Secret qwert
>>> 	AuthPort 3333
>>> 	AcctPort 4444
>>> </Host>
>>> =======================END OF HostsKind02.cfg=====================
>>>
>>>
>>>
>>> Although this leads to a profusion of files, they are all parsed at
>>> startup and this allows me to modify things on a per AuthBy basis and
>>> keep it clean... Maybe give some people the possibility to edit some
>>> files and other people to edit other files...
>>>
>>> I might be dumb or crazy... but this kind of thing helped me a lot in
>>> the past for keeping config files clean and ordered...
>>>
>>>>
>>>> thanks
>>>>
>>>> Hugh
>>>>
>>>>
>>>> On Friday, September 6, 2002, at 07:26 AM, Mariano Absatz wrote:
>>>>
>>>>> Hi Hugh, long time no see...
>>>>>
>>>>> I'm planning an installation with a bunch of front-end Radiator
>>>>> proxies (using <AuthBy LOADBALANCE>) to an(other) bunch of Radiator
>>>>> back-end servers that do the actual authentication against SQL
>>>>> servers.
>>>>>
>>>>> Now, the front-end farm has the "dispatching" intelligence and the
>>>>> back-end, the authentication intelligence...
>>>>>
>>>>> By "dispatching" I mean:
>>>>> "if it comes from such and such a NAS authenticate using of these
>>>>> back-end servers"
>>>>> "if the realm matches xxx authenticate against these bunch of
>>>>> back-ends"
>>>>> etc...
>>>>>
>>>>> I'm trying to generalize as much as possible and want to have short
>>>>> and easily maintainable config files, so I'm doing a bunch of
>>>>> identified AuthBy's like this:
>>>>>
>>>>> <AuthBy LOADBALANCE>
>>>>> 	Identifier Kind01
>>>>>
>>>>> 	include %{GlobalVar:ConfigDir}/RetriesKind01.cfg
>>>>> 	include %{GlobalVar:ConfigDir}/HostsKind01.cfg
>>>>>
>>>>> 	AcctFailedLogFileName %L/ACCT-LOST/Kind01/%Y-%m-%d.log
>>>>> </AuthBy>
>>>>>
>>>>> This would be the AuthBy to use for the "Kind01" kind of handlers...
>>>>>
>>>>> Is there a way to have a "per AuthBy" special that has the "AuthBy"
>>>>> Identifier? That is... a kind of "%{LocalVar:xxxx}" where the
>>>>> locality is wrt the AuthBy...
>>>>>
>>>>> Would %{Handler:Identifier} do that? or that would give me the
>>>>> Identifier of the Handler that called this AuthBy?
>>>>>
>>>>> Otherwise, would something along the lines of this work?:
>>>>>
>>>>> <AuthBy LOADBALANCE>
>>>>> 	DefineFormattedGlobalVar KIND Kind01
>>>>> 	Identifier %{GlobalVar:KIND}
>>>>>
>>>>> 	include %{GlobalVar:ConfigDir}/Retries%{GlobalVar:KIND}.cfg
>>>>> 	include %{GlobalVar:ConfigDir}/Hosts%{GlobalVar:KIND}.cfg
>>>>>
>>>>> 	AcctFailedLogFileName %L/ACCT-LOST/%{GlobalVar:KIND}/%Y-%m-%d.log
>>>>> </AuthBy>
>>>>>
>>>>> <AuthBy LOADBALANCE>
>>>>> 	DefineFormattedGlobalVar KIND Kind02
>>>>> 	Identifier %{GlobalVar:KIND}
>>>>>
>>>>> 	include %{GlobalVar:ConfigDir}/Retries%{GlobalVar:KIND}.cfg
>>>>> 	include %{GlobalVar:ConfigDir}/Hosts%{GlobalVar:KIND}.cfg
>>>>>
>>>>> 	AcctFailedLogFileName %L/ACCT-LOST/%{GlobalVar:KIND}/%Y-%m-%d.log
>>>>> </AuthBy>
>>>>>
>>>>>
>>>>> TIA.
>>>>>
>>>>>
>>>>> --
>>>>> Mariano Absatz
>>>>> El Baby
>>>>> ----------------------------------------------------------
>>>>> It said, "Insert disk #3," but only two will fit!
>>>>>
>>>>>
>>>>> ===
>>>>> Archive at http://www.open.com.au/archives/radiator/
>>>>> Announcements on radiator-announce at open.com.au
>>>>> To unsubscribe, email 'majordomo at open.com.au' with
>>>>> 'unsubscribe radiator' in the body of the message.
>>>>>
>>>>>
>>>>
>>>> --
>>>> Radiator: the most portable, flexible and configurable RADIUS server
>>>> anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
>>>> -
>>>> Nets: internetwork inventory and management - graphical, extensible,
>>>> flexible with hardware, software, platform and database independence.
>>>
>>
>
>
> --
> Mariano Absatz
> El Baby
> ----------------------------------------------------------
> Errors have been made. Others will be blamed.
>

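The reply at the top of this thread says GlobalVars are global, set at the top level of the configuration, and meant for static data only. The following is an added example, not part of the original thread and not Radiator code: a small Python check, assuming the clause syntax shown in the quoted configuration, that flags DefineFormattedGlobalVar lines nested inside a clause, conflicting redefinitions, and references to a variable that has more than one value. The function name, finding codes and the ConfigDir value are hypothetical.

```python
import re

# Constructed sample: the two-Handler layout quoted in the thread, plus one
# top-level definition (the ConfigDir value is made up for illustration).
SAMPLE_CFG = """\
DefineFormattedGlobalVar ConfigDir /etc/radiator
<Handler xxxx>
    Identifier foo
    DefineFormattedGlobalVar host abc
    AuthBy MyAuthby
</Handler>
<Handler yyyy>
    Identifier bar
    DefineFormattedGlobalVar host xyz
    AuthBy MyAuthby
</Handler>
<AuthBy Radius>
    Identifier MyAuthby
    Host %{GlobalVar:host}
</AuthBy>
"""

OPEN = re.compile(r"^<(\w+)(?:\s[^>]*)?>$")
CLOSE = re.compile(r"^</\w+>$")
DEFINE = re.compile(r"^DefineFormattedGlobalVar\s+(\S+)\s+(.*)$")
USE = re.compile(r"%\{GlobalVar:([^}]+)\}")

def lint_globalvars(text):
    """Return (line_no, code, var_name) findings, in discovery order."""
    stack, values, uses, findings = [], {}, [], []
    for no, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if CLOSE.match(line):
            if stack:
                stack.pop()
        elif m := OPEN.match(line):
            stack.append(m.group(1))
        elif m := DEFINE.match(line):
            name, value = m.groups()
            if stack:  # defined inside a clause, not at top level
                findings.append((no, "nested-define", name))
            if name in values and value not in values[name]:
                findings.append((no, "redefined", name))
            values.setdefault(name, set()).add(value)
        uses += [(no, n) for n in USE.findall(line)]
    # A reference to a variable with several values is ambiguous.
    findings += [(no, "ambiguous-use", n) for no, n in uses
                 if len(values.get(n, ())) > 1]
    return findings
```

On the constructed sample this reports the two nested definitions of `host`, the conflicting redefinition, and the `Host %{GlobalVar:host}` reference that depends on it, while the single top-level `ConfigDir` definition passes.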