(RADIATOR) wrapping up on parametrizing AuthBy's
Hugh Irvine
hugh at open.com.au
Wed Sep 18 18:48:59 CDT 2002
Hello Mariano -
You will have to try these things out to verify whether they work or
not.
As far as I can see the idea should work, however I don't think what
you show below will work as you expect, because the AddToReply will be
done *after* the AuthBy clause is executed. I suppose you could use an
AuthBy INTERNAL clause before the other AuthBy clause to add the fake
attributes, but as I have said previously this seems very unnatural to
me (just my own view).
regards
Hugh
On Thursday, September 19, 2002, at 12:31 AM, Mariano Absatz wrote:
> Hi Hugh,
>
> I'd like to recap and see if this thing I did after your suggestions
> would
> work:
>
> ################### radius.cfg START #####################
> <AuthBy LOADBALANCE>
> Identifier ProxyStandard
> NoDefault
> # Para cada "Faked-Attribute" que se setea en los <Handler>
> # se deberan crear archivos ParamXXX y HostsXXX en el directorio
> # /usr/local/radiator/etc
> include %D/Param%{Reply:Faked-Attribute}.cfg
> include %D/Hosts%{Reply:Faked-Attribute}.cfg
>
> AcctFailedLogFileName \
> %L/ACCT-LOST/%{Reply:Faked-Attribute}/%Y-%m-%d.log
>
> StripFromReply Faked-Attribute
> </AuthBy>
>
>
> # Kind01 Handler
> <Handler Called-Station-Id=/2222$|^123456$/>
> Identifier Handler01
> RewriteUsername s/^([^@]+).*/$1/
> AddToReply Faked-Attribute="Kind01"
> AuthBy ProxyStandard
> </Handler>
>
> # Kind02 Handler
> <Handler Called-Station-Id=/4444$|^654321$/>
> Identifier Handler02
> RewriteUsername s/^([^@]+).*/$1/
> AddToReply Faked-Attribute="Kind02"
> AuthBy ProxyStandard
> </Handler>
>
> # Kind03
> <Handler Realm=/^whatever.com$/>
> Identifier Handler03
> AddToReply Pert-Service-Code="Kind03"
> AuthBy ProxyStandard
> </Handler>
>
> #################### radius.cfg END ######################
>
> The idea is that I have separate files for specific parameters, for
> instance:
>
> ################### ParamKind01.cfg START #####################
> SessionDatabase ProxySession
> AcctLogFileName %L/Accounting%{Reply:Faked-Attribute}.log
>
> <AuthLog FILE>
> FileName %L/Auth%{Reply:Faked-Attribute}.log
> LogSuccess 1
> LogFailure 1
> SuccessFormat %l:POST:%U:%N:OK-%{Reply:Code}:%{Handler:Identifier}
> FailureFormat %l:POST:%U:%N:FAIL-%{Reply:Code}:%{Handler:Identifier}
> </AuthLog>
> #################### ParamKind01.cfg END ######################
>
> ################### HostsKind01.cfg START #####################
> <Host 1.2.3.4>
> AuthPort 1645
> AcctPort 1646
> Secret xxxx
> RetryTimeout 1
> Retries 0
> </Host>
> <Host 1.2.3.4>
> AuthPort 1812
> AcctPort 1813
> Secret xxxx
> RetryTimeout 1
> Retries 0
> </Host>
> <Host 1.2.3.5>
> AuthPort 1645
> AcctPort 1646
> Secret xxxx
> RetryTimeout 3
> Retries 0
> </Host>
> <Host 1.2.3.5>
> AuthPort 1812
> AcctPort 1813
> Secret xxxx
> RetryTimeout 3
> Retries 0
> </Host>
>
> #################### HostsKind01.cfg END ######################
>
> Supposedly, HostsParam02.cfg may have different settings and
> HostsKind02.cfg
> will have a different set of hosts.
>
> And so on...
>
> Will this kind of dynamic stuff work? Or can you think of another way
> to do
> it?
>
> TIA
>
>
> --
> Mariano Absatz
> El Baby
> ----------------------------------------------------------
> Late one night in the middle of the day, two dead
> soldiers got up to fight. Back to back they faced
> each other, pulled out their swords and shot one
> another. A deaf policeman heard the noise, got up
> and shot the twice dead boys. If you don't believe
> me, ask the blind man who saw it all, through a
> knothole in a wooden brick wall.
>
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list