(RADIATOR) AuthByPolicy Question: ContinueUntilAccept

Steve Roderick steve at uspops.com
Mon Jan 20 19:15:08 CST 2003


Couldn't you do some groups?

<AuthBy INTERNAL>
    Identifier    AlwaysReject
    DefaultResult   REJECT
</AuthBy>
<AuthBy INTERNAL>
    Identifier    AlwaysIgnore
    DefaultResult   IGNORE
</AuthBy>

<AuthBy GROUP>
    AuthByPolicy ContinueWhileIgnore
    <AuthBy GROUP>
        AuthByPolicy ContinueUntilAccept
        AuthBy  niiVispAuthClear
        AuthBy  niiVispAuthCrypt
        AuthBy  niiSystemAuthClear
        AuthBy  niiSystemAuthCrypt
        AuthBy  niiAcct
        AuthBy AlwaysIgnore
    </AuthBy>
    AuthBy AlwaysReject
</AuthBy>

Not sure if it will work or not, just off the top of my head.

I'm not sure why just adding "AuthBy AlwaysReject" to the end of your AuthBy list wouldn't do the same thing. I would try that first, and then try the groups.

Steve

----- Original Message ----- 
  From: Jon Lindbo 
  To: radiator at open.com.au 
  Sent: Monday, January 20, 2003 2:47 PM
  Subject: (RADIATOR) AuthByPolicy Question: ContinueUntilAccept


  Hi,
  I am having a little bit of trouble with some complex AuthBy handling I am doing.  I have customers in various states of conversion to some new dialup settings and I am having to jump through 15 different hoops when authenticating them.  The problem I am having is when I set my AuthByPolicy to ContinueUntilAccept, I have no way of sending a REJECT to the NAS if none of the AuthBy clauses ACCEPT the user.  Is there a way to send a reject if the request was not accepted that I am not thinking of?

  Below is a trimmed copy of the config.

  Thanks
  Jonathon Lindbo

  <AuthBy SQL>
          Identifier      niiVispAuthClear

          DBSource        dbi:mysql:service:x.x.x.x
          DBUsername      xxxxxx
          DBAuth          xxxxxx

          AuthSelect      select clear_pass,`Simultaneous-Use`,service_number,`Session-Timeout`,`Idle-Timeout` \
                          from dial_auth \
                          where `User-Name`='%n' and network='%{network}'

          AuthColumnDef   0,User-Password,check
          AuthColumnDef   1,Simultaneous-Use,check
          AuthColumnDef   2,Class,reply
          AuthColumnDef   3,Session-Timeout,reply
          AuthColumnDef   4,Idle-Timeout,reply
          NoDefault                                                               # Don't try select for DEFAULT

          IgnoreAccounting

          AddToReply      Ascend-Data-Filter = "ip in forward tcp est",\
                          Ascend-Data-Filter = "ip in forward dstip 63.240.133.32/28",\
                          Ascend-Data-Filter = "ip in drop tcp dstport = 25",\
                          Ascend-Data-Filter = "ip in forward 0",\
                          Service-Type = Framed-User,\
                          Framed-Protocol = PPP
  </AuthBy>
  <AuthBy SQL>
          Identifier      niiVispAuthCrypt

          DBSource        dbi:mysql:service:x.x.x.x
          DBUsername      xxxxxx
          DBAuth          xxxxxx

          AuthSelect      select encr_pass,`Simultaneous-Use`,service_number,`Session-Timeout`,`Idle-Timeout` \
                          from dial_auth \
                          where `User-Name`='%n' and network='%{network}'

          AuthColumnDef   0,Encrypted-Password,check
          AuthColumnDef   1,Simultaneous-Use,check
          AuthColumnDef   2,Class,reply
          AuthColumnDef   3,Session-Timeout,reply
          AuthColumnDef   4,Idle-Timeout,reply
          NoDefault                                                               # Don't try select for DEFAULT

          IgnoreAccounting

          AddToReply      Ascend-Data-Filter = "ip in forward tcp est",\
                          Ascend-Data-Filter = "ip in forward dstip 63.240.133.32/28",\
                          Ascend-Data-Filter = "ip in drop tcp dstport = 25",\
                          Ascend-Data-Filter = "ip in forward 0",\
                          Service-Type = Framed-User,\
                          Framed-Protocol = PPP
  </AuthBy>
  <AuthBy SQL>
          Identifier      niiInternalAuthClear

          DBSource        dbi:mysql:service:x.x.x.x
          DBUsername      xxxxx
          DBAuth          xxxxx

          AuthSelect      select clear_pass,`Simultaneous-Use`,service_number,`Session-Timeout`,`Idle-Timeout` \
                          from dial_auth \
                          where `User-Name`='%n'

          AuthColumnDef   0,User-Password,check
          AuthColumnDef   1,Simultaneous-Use,check
          AuthColumnDef   2,Class,reply
          AuthColumnDef   3,Session-Timeout,reply
          AuthColumnDef   4,Idle-Timeout,reply
          NoDefault                                                # Don't try select for DEFAULT

          IgnoreAccounting

          AddToReply      Ascend-Data-Filter = "ip in forward tcp est",\
                          Ascend-Data-Filter = "ip in forward dstip 63.240.133.32/28",\
                          Ascend-Data-Filter = "ip in drop tcp dstport = 25",\
                          Ascend-Data-Filter = "ip in forward 0",\
                          Service-Type = Framed-User,\
                          Framed-Protocol = PPP
  </AuthBy>

  ..... Just more of the same, I am going to cut to the handlers

  <Handler network = internal>
          PasswordLogFileName %L/internal.password.log
          AuthByPolicy ContinueUntilAccept

          AuthBy  niiInternalAuthCrypt
          AuthBy  niiInternalAuthClear
          AuthBy  niiSystemAuthCrypt
          AuthBy  niiSystemAuthClear
          AuthBy  niiAcct
  </Handler>
  <Handler Realm = bluebuzz.net>
          PasswordLogFileName %L/%R.password.log
          AuthByPolicy ContinueUntilAccept

          AuthBy  niiVispAuthClear
          AuthBy  niiVispAuthCrypt
          AuthBy  niiSystemAuthClear
          AuthBy  niiSystemAuthCrypt
          AuthBy  niiAcct
  </Handler> 
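
An added illustration, not part of the original thread and not Radiator code: a small Python model of how AuthByPolicy chains resolve, comparing the bluebuzz.net handler as posted with the two arrangements suggested in the reply. It assumes a chain returns the result of the last AuthBy that ran and that niiAcct (not shown in the thread) returns IGNORE for authentication requests; the per-module results are constructed.

```python
# Simplified model of Radiator AuthByPolicy chaining (added example).
# Assumption: a chain's result is the result of the last AuthBy that ran.
ACCEPT, REJECT, IGNORE = "ACCEPT", "REJECT", "IGNORE"

# Policy name -> "keep going after this result?"
POLICIES = {
    "ContinueWhileIgnore": lambda r: r == IGNORE,
    "ContinueUntilIgnore": lambda r: r != IGNORE,
    "ContinueWhileAccept": lambda r: r == ACCEPT,
    "ContinueUntilAccept": lambda r: r != ACCEPT,
    "ContinueWhileReject": lambda r: r == REJECT,
    "ContinueUntilReject": lambda r: r != REJECT,
}

def run_chain(policy, members, results):
    """Evaluate a Handler or AuthBy GROUP.

    members: AuthBy identifiers, or nested (policy, members) tuples for groups.
    results: constructed per-identifier outcome for a single request.
    """
    keep_going = POLICIES[policy]
    last = IGNORE  # nothing ran, so nothing is sent to the NAS
    for m in members:
        last = run_chain(*m, results) if isinstance(m, tuple) else results[m]
        if not keep_going(last):
            break
    return last

def outcome(chain, results):
    return run_chain(chain[0], chain[1], results)

BACKENDS = ["niiVispAuthClear", "niiVispAuthCrypt",
            "niiSystemAuthClear", "niiSystemAuthCrypt", "niiAcct"]
ORIGINAL = ("ContinueUntilAccept", BACKENDS)
FLAT_FIX = ("ContinueUntilAccept", BACKENDS + ["AlwaysReject"])
NESTED_FIX = ("ContinueWhileIgnore",
              [("ContinueUntilAccept", BACKENDS + ["AlwaysIgnore"]), "AlwaysReject"])

# Constructed outcomes. Assumption: niiAcct ignores authentication requests.
FIXED = {"AlwaysReject": REJECT, "AlwaysIgnore": IGNORE}
NO_MATCH = {**FIXED, **{b: REJECT for b in BACKENDS}, "niiAcct": IGNORE}
GOOD_LOGIN = {**NO_MATCH, "niiVispAuthCrypt": ACCEPT}

if __name__ == "__main__":
    for name, chain in [("original", ORIGINAL), ("flat", FLAT_FIX), ("nested", NESTED_FIX)]:
        print(f"{name:8} no-match={outcome(chain, NO_MATCH)} "
              f"good-login={outcome(chain, GOOD_LOGIN)}")
```

Under these assumptions both suggested arrangements end a failed login with an explicit REJECT instead of leaving the NAS without an answer, and neither changes the result of a successful login.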