(RADIATOR) AuthByPolicy Question: ContinueUntilAccept
Jon Lindbo
jlindbo at netwk-innov.net
Mon Jan 20 16:47:44 CST 2003
Hi,
I am having a little bit of trouble with some complex AuthBy
handling I am doing. I have customers in various states of conversion to
some new dialup settings and I am having to jump through 15 different hoops
when authenticating them. The problem I am having is when I set my
AuthByPolicy to ContinueUntilAccept, I have no way of sending a REJECT to
the NAS if none of the AuthBy clauses ACCEPT the user. Is there a way to
send a reject if the request was not accepted that I am not thinking of?
Below is a trimmed copy of the config.
Thanks
Jonathon Lindbo
<AuthBy SQL>
Identifier niiVispAuthClear
DBSource dbi:mysql:service:x.x.x.x
DBUsername xxxxxx
DBAuth xxxxxx
AuthSelect select clear_pass,`Simultaneous-Use`,service_number,`Session-Timeout`,`Idle-Timeout` \
from dial_auth \
where `User-Name`='%n' and network='%{network}'
AuthColumnDef 0,User-Password,check
AuthColumnDef 1,Simultaneous-Use,check
AuthColumnDef 2,Class,reply
AuthColumnDef 3,Session-Timeout,reply
AuthColumnDef 4,Idle-Timeout,reply
NoDefault
# Don't try select for DEFAULT
IgnoreAccounting
AddToReply Ascend-Data-Filter = "ip in forward tcp est",\
Ascend-Data-Filter = "ip in forward dstip 63.240.133.32/28",\
Ascend-Data-Filter = "ip in drop tcp dstport = 25",\
Ascend-Data-Filter = "ip in forward 0",\
Service-Type = Framed-User,\
Framed-Protocol = PPP
</AuthBy>
<AuthBy SQL>
Identifier niiVispAuthCrypt
DBSource dbi:mysql:service:x.x.x.x
DBUsername xxxxxx
DBAuth xxxxxx
AuthSelect select encr_pass,`Simultaneous-Use`,service_number,`Session-Timeout`,`Idle-Timeout` \
from dial_auth \
where `User-Name`='%n' and network='%{network}'
AuthColumnDef 0,Encrypted-Password,check
AuthColumnDef 1,Simultaneous-Use,check
AuthColumnDef 2,Class,reply
AuthColumnDef 3,Session-Timeout,reply
AuthColumnDef 4,Idle-Timeout,reply
NoDefault
# Don't try select for DEFAULT
IgnoreAccounting
AddToReply Ascend-Data-Filter = "ip in forward tcp est",\
Ascend-Data-Filter = "ip in forward dstip 63.240.133.32/28",\
Ascend-Data-Filter = "ip in drop tcp dstport = 25",\
Ascend-Data-Filter = "ip in forward 0",\
Service-Type = Framed-User,\
Framed-Protocol = PPP
</AuthBy>
<AuthBy SQL>
Identifier niiInternalAuthClear
DBSource dbi:mysql:service:x.x.x.x
DBUsername xxxxx
DBAuth xxxxx
AuthSelect select clear_pass,`Simultaneous-Use`,service_number,`Session-Timeout`,`Idle-Timeout` \
from dial_auth \
where `User-Name`='%n'
AuthColumnDef 0,User-Password,check
AuthColumnDef 1,Simultaneous-Use,check
AuthColumnDef 2,Class,reply
AuthColumnDef 3,Session-Timeout,reply
AuthColumnDef 4,Idle-Timeout,reply
NoDefault
# Don't try select for DEFAULT
IgnoreAccounting
AddToReply Ascend-Data-Filter = "ip in forward tcp est",\
Ascend-Data-Filter = "ip in forward dstip 63.240.133.32/28",\
Ascend-Data-Filter = "ip in drop tcp dstport = 25",\
Ascend-Data-Filter = "ip in forward 0",\
Service-Type = Framed-User,\
Framed-Protocol = PPP
</AuthBy>
..... Just more of the same, I am going to cut to the handlers
<Handler network = internal>
PasswordLogFileName %L/internal.password.log
AuthByPolicy ContinueUntilAccept
AuthBy niiInternalAuthCrypt
AuthBy niiInternalAuthClear
AuthBy niiSystemAuthCrypt
AuthBy niiSystemAuthClear
AuthBy niiAcct
</Handler>
<Handler Realm = bluebuzz.net>
PasswordLogFileName %L/%R.password.log
AuthByPolicy ContinueUntilAccept
AuthBy niiVispAuthClear
AuthBy niiVispAuthCrypt
AuthBy niiSystemAuthClear
AuthBy niiSystemAuthCrypt
AuthBy niiAcct
</Handler>
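Added example (not part of the original post and not Radiator's own code): a simplified Python model of a Handler walking its AuthBy chain under an AuthByPolicy, showing how a chain that ends on IGNORE sends nothing to the NAS and how a final always-REJECT clause makes it fail closed. The per-clause results, the rejectAll clause name, and the rule that the last clause run decides the reply are assumptions for illustration.

```python
from enum import Enum

class Result(Enum):
    ACCEPT = "ACCEPT"
    REJECT = "REJECT"
    IGNORE = "IGNORE"

A, R, I = Result.ACCEPT, Result.REJECT, Result.IGNORE

# Simplified model (assumption): results after which the handler stops
# and does not try the next AuthBy clause, per AuthByPolicy.
STOP_ON = {
    "ContinueWhileIgnore": {A, R},
    "ContinueUntilIgnore": {I},
    "ContinueWhileAccept": {R, I},
    "ContinueUntilAccept": {A},
    "ContinueWhileReject": {A, I},
    "ContinueUntilReject": {R},
    "ContinueAlways": set(),
}

def run_chain(policy, chain):
    """chain is a list of (identifier, Result); returns (final result, clauses run)."""
    ran, final = [], I
    for ident, result in chain:
        ran.append(ident)
        final = result              # assumption: the last clause run decides
        if result in STOP_ON[policy]:
            break
    return final, ran

def nas_reply(final):
    """Assumption: IGNORE produces no reply at all, so the NAS just times out."""
    return {A: "Access-Accept", R: "Access-Reject"}.get(final)

# Constructed results for the bluebuzz.net handler: a wrong password is
# rejected by every lookup, and the last clause ignores Access-Requests.
BAD_LOGIN = [("niiVispAuthClear", R), ("niiVispAuthCrypt", R),
             ("niiSystemAuthClear", R), ("niiSystemAuthCrypt", R), ("niiAcct", I)]
# Same chain ending in a hypothetical clause that always rejects (fail closed).
BAD_LOGIN_CLOSED = BAD_LOGIN + [("rejectAll", R)]
# Constructed: the crypt lookup accepts, so later clauses never run.
GOOD_LOGIN = [("niiVispAuthClear", R), ("niiVispAuthCrypt", A)] + BAD_LOGIN[2:]

if __name__ == "__main__":
    for name, chain in [("bad", BAD_LOGIN), ("bad+rejectAll", BAD_LOGIN_CLOSED), ("good", GOOD_LOGIN)]:
        final, ran = run_chain("ContinueUntilAccept", chain)
        print(name, final.value, nas_reply(final), ran)
```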