(RADIATOR) Auth only on same realm

Frank Danielson fdanielson at dataonair.com
Tue Feb 4 12:33:23 CST 2003


Yes. You shut put your most detailed match first and work down to more
generic ones.

-----Original Message-----
From: Tom Swenson [mailto:tom at netconx.net]
Sent: Tuesday, February 04, 2003 12:14 PM
To: radiator at open.com.au
Subject: Re: (RADIATOR) Auth only on same realm


Just so I understand correctly. Does the handlers work like a cisco access
list in that it will start at the top of the file and the first handler
that matches, it is completed? 

Tom Swenson - CTO
NetConX - Internet Access - Client Managed Web Database Applications
Wireless - Virus Blocking - Spam Blocking
tom at netconx.net
http://www.netconx.net
(641) 421-4170 - Voice	(641) 423-3351 - FAX

There's a better way to do it. Find it!  -  Thomas Edison


*********** REPLY SEPARATOR  ***********

On 1/31/2003 at 10:35 AM Hugh Irvine wrote:

>Hello Tom -
>
>I don't quite understand your question sorry.
>
>Could you give me a bit more detail please?
>
>If you want usernames without realms to be treated the same way as 
>those with realms, you can add a DefaultRealm parameter to your Client 
>clauses:
>
># define Client clauses
>
><Client ....>
>	.....
>	DefaultRealm foo.bar
></Client>
>
>.....
>
>regards
>
>Hugh
>
>
>On Friday, Jan 31, 2003, at 10:04 Australia/Melbourne, Tom Swenson 
>wrote:
>
>> I tried this and I think it will work, but I have to figure out a way 
>> to
>> get the default domain in there. Is there an easier way than to put in 
>> an
>> identifier for every client and then a handler at the end of my 
>> domains to
>> catch all the ones without domains?
>>
>> Thanks again.
>>
>> Tom Swenson - CTO
>> NetConX - Internet Access - Client Managed Web Database Applications
>> Wireless - Virus Blocking - Spam Blocking
>> tom at netconx.net
http://www.netconx.net
>> (641) 421-4170 - Voice	(641) 423-3351 - FAX
>>
>> Your imagination is your preview of life's coming attractions - Albert
>> Einstein
>>
>>
>> *********** REPLY SEPARATOR  ***********
>>
>> On 1/31/2003 at 9:24 AM Hugh Irvine wrote:
>>
>>> Hello Tom -
>>>
>>> You should not mix Realms and Handlers in the same configuration file
>>> for exactly this reason - Realms are always evaluated first.
>>>
>>> Change your Realms to Handlers like this:
>>>
>>> <Realm foo.bar>
>>> 	.....
>>> </Realm>
>>>
>>> becomes
>>>
>>> <Handler Realm = foo.bar>
>>> 	.....
>>> </Handler>
>>>
>>> Note that Handlers are evaluated in the order they appear in the
>>> configuration file, so the more specific must appear before the more
>>> general, keeping in mind that you want the most hit Handlers as close
>>> to the top of the list as possible.
>>>
>>> regards
>>>
>>> Hugh
>>>
>>>
>>> On Friday, Jan 31, 2003, at 04:55 Australia/Melbourne, Tom Swenson
>>> wrote:
>>>
>>>> I have a newsgroup server that I have told to authenticate with the
>>>> same
>>>> realm as my dial in customers. I created special client for this 
>>>> server
>>>> and then put in an identifier. I thought it would then go to the
>>>> handler I
>>>> created to just authenticate only. No accounting or sessions. I'm
>>>> finding
>>>> that it is instead of going to the handler, it is going to the realm.
>>>> The
>>>> manual says it this is how it will do this.
>>>>
>>>> I don't know what to do now. Here is what I have, but I don't think 
>>>> it
>>>> ever goes to the handler. Is there anything I can specify in the 
>>>> client
>>>> section to make it go to a specific realm or handler?
>>>>
>>>> <Client xx.xx.xx.xx>
>>>>   DupInterval 0
>>>>   IgnoreAcctSignature
>>>>   Secret xxxxxxxxxxx
>>>>   Identifier newsauth
>>>> </Client>
>>>>
>>>> # news group authentication
>>>> <Handler Client-Identifier=newsauth>
>>>>   AuthBy ID_0
>>>>   AuthByPolicy ContinueWhileIgnore
>>>>   RewriteUsername s/^([^@]+).*/$1/
>>>> </Handler>
>>>>
>>>>
>>>> Tom Swenson - CTO
>>>> NetConX - Internet Access - Client Managed Web Database Applications
>>>> Wireless - Virus Blocking - Spam Blocking
>>>> tom at netconx.net
http://www.netconx.net
>>>> (641) 421-4170 - Voice	(641) 423-3351 - FAX
>>>>
>>>> Your imagination is your preview of life's coming attractions - 
>>>> Albert
>>>> Einstein
>>>>
>>>>
>>>> ===
>>>> Archive at http://www.open.com.au/archives/radiator/
>>>> Announcements on radiator-announce at open.com.au
>>>> To unsubscribe, email 'majordomo at open.com.au' with
>>>> 'unsubscribe radiator' in the body of the message.
>>>>
>>>>
>>>
>>> -- 
>>> Radiator: the most portable, flexible and configurable RADIUS server
>>> anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
>>> -
>>> Nets: internetwork inventory and management - graphical, extensible,
>>> flexible with hardware, software, platform and database independence.
>>>
>>> ===
>>> Archive at http://www.open.com.au/archives/radiator/
>>> Announcements on radiator-announce at open.com.au
>>> To unsubscribe, email 'majordomo at open.com.au' with
>>> 'unsubscribe radiator' in the body of the message.
>>
>>
>>
>> ===
>> Archive at http://www.open.com.au/archives/radiator/
>> Announcements on radiator-announce at open.com.au
>> To unsubscribe, email 'majordomo at open.com.au' with
>> 'unsubscribe radiator' in the body of the message.
>>
>>
>
>-- 
>Radiator: the most portable, flexible and configurable RADIUS server
>anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
>-
>Nets: internetwork inventory and management - graphical, extensible,
>flexible with hardware, software, platform and database independence.
>
>===
>Archive at http://www.open.com.au/archives/radiator/
>Announcements on radiator-announce at open.com.au
>To unsubscribe, email 'majordomo at open.com.au' with
>'unsubscribe radiator' in the body of the message.



===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list