(RADIATOR) AuthByPolicy Question: ContinueUntilAccept
Steve Roderick
steve at uspops.com
Mon Jan 20 19:15:08 CST 2003
Couldn't you do some groups?
<AuthBy INTERNAL>
    Identifier AlwaysReject
    DefaultResult REJECT
</AuthBy>
<AuthBy INTERNAL>
    Identifier AlwaysIgnore
    DefaultResult IGNORE
</AuthBy>
<AuthBy GROUP>
    AuthByPolicy ContinueWhileIgnore
    <AuthBy GROUP>
        AuthByPolicy ContinueUntilAccept
        AuthBy niiVispAuthClear
        AuthBy niiVispAuthCrypt
        AuthBy niiSystemAuthClear
        AuthBy niiSystemAuthCrypt
        AuthBy niiAcct
        AuthBy AlwaysIgnore
    </AuthBy>
    AuthBy AlwaysReject
</AuthBy>
Not sure if it will work or not, just off the top of my head.
I'm not sure why just adding "AuthBy AlwaysReject" to the end of your AuthBy list wouldn't do the same thing. I would try that first, and then try the groups.
Steve
----- Original Message -----
From: Jon Lindbo
To: radiator at open.com.au
Sent: Monday, January 20, 2003 2:47 PM
Subject: (RADIATOR) AuthByPolicy Question: ContinueUntilAccept
Hi,
I am having a little bit of trouble with some complex AuthBy handling I am doing. I have customers in various states of conversion to some new dialup settings and I am having to jump through 15 different hoops when authenticating them. The problem I am having is when I set my AuthByPolicy to ContinueUntilAccept, I have no way of sending a REJECT to the NAS if none of the AuthBy clauses ACCEPT the user. Is there a way to send a reject if the request was not accepted that I am not thinking of?
Below is a trimmed copy of the config.
Thanks
Jonathon Lindbo
<AuthBy SQL>
    Identifier niiVispAuthClear
    DBSource dbi:mysql:service:x.x.x.x
    DBUsername xxxxxx
    DBAuth xxxxxx
    AuthSelect select clear_pass,`Simultaneous-Use`,service_number,`Session-Timeout`,`Idle-Timeout` \
        from dial_auth \
        where `User-Name`='%n' and network='%{network}'
    AuthColumnDef 0,User-Password,check
    AuthColumnDef 1,Simultaneous-Use,check
    AuthColumnDef 2,Class,reply
    AuthColumnDef 3,Session-Timeout,reply
    AuthColumnDef 4,Idle-Timeout,reply
    NoDefault # Don't try select for DEFAULT
    IgnoreAccounting
    AddToReply Ascend-Data-Filter = "ip in forward tcp est",\
        Ascend-Data-Filter = "ip in forward dstip 63.240.133.32/28",\
        Ascend-Data-Filter = "ip in drop tcp dstport = 25",\
        Ascend-Data-Filter = "ip in forward 0",\
        Service-Type = Framed-User,\
        Framed-Protocol = PPP
</AuthBy>
<AuthBy SQL>
    Identifier niiVispAuthCrypt
    DBSource dbi:mysql:service:x.x.x.x
    DBUsername xxxxxx
    DBAuth xxxxxx
    AuthSelect select encr_pass,`Simultaneous-Use`,service_number,`Session-Timeout`,`Idle-Timeout` \
        from dial_auth \
        where `User-Name`='%n' and network='%{network}'
    AuthColumnDef 0,Encrypted-Password,check
    AuthColumnDef 1,Simultaneous-Use,check
    AuthColumnDef 2,Class,reply
    AuthColumnDef 3,Session-Timeout,reply
    AuthColumnDef 4,Idle-Timeout,reply
    NoDefault # Don't try select for DEFAULT
    IgnoreAccounting
    AddToReply Ascend-Data-Filter = "ip in forward tcp est",\
        Ascend-Data-Filter = "ip in forward dstip 63.240.133.32/28",\
        Ascend-Data-Filter = "ip in drop tcp dstport = 25",\
        Ascend-Data-Filter = "ip in forward 0",\
        Service-Type = Framed-User,\
        Framed-Protocol = PPP
</AuthBy>
<AuthBy SQL>
    Identifier niiInternalAuthClear
    DBSource dbi:mysql:service:x.x.x.x
    DBUsername xxxxx
    DBAuth xxxxx
    AuthSelect select clear_pass,`Simultaneous-Use`,service_number,`Session-Timeout`,`Idle-Timeout` \
        from dial_auth \
        where `User-Name`='%n'
    AuthColumnDef 0,User-Password,check
    AuthColumnDef 1,Simultaneous-Use,check
    AuthColumnDef 2,Class,reply
    AuthColumnDef 3,Session-Timeout,reply
    AuthColumnDef 4,Idle-Timeout,reply
    NoDefault # Don't try select for DEFAULT
    IgnoreAccounting
    AddToReply Ascend-Data-Filter = "ip in forward tcp est",\
        Ascend-Data-Filter = "ip in forward dstip 63.240.133.32/28",\
        Ascend-Data-Filter = "ip in drop tcp dstport = 25",\
        Ascend-Data-Filter = "ip in forward 0",\
        Service-Type = Framed-User,\
        Framed-Protocol = PPP
</AuthBy>
..... Just more of the same, I am going to cut to the handlers
<Handler network = internal>
    PasswordLogFileName %L/internal.password.log
    AuthByPolicy ContinueUntilAccept
    AuthBy niiInternalAuthCrypt
    AuthBy niiInternalAuthClear
    AuthBy niiSystemAuthCrypt
    AuthBy niiSystemAuthClear
    AuthBy niiAcct
</Handler>
<Handler Realm = bluebuzz.net>
    PasswordLogFileName %L/%R.password.log
    AuthByPolicy ContinueUntilAccept
    AuthBy niiVispAuthClear
    AuthBy niiVispAuthCrypt
    AuthBy niiSystemAuthClear
    AuthBy niiSystemAuthCrypt
    AuthBy niiAcct
</Handler>
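
An added example, not part of either message and not Radiator code: a simplified Python model that compares the bluebuzz.net handler from the question with the two layouts suggested in the reply. It assumes a chain's result is the result of the last AuthBy that ran and that niiAcct returns IGNORE for access requests; the per-AuthBy results and the names `run_chain`, `LAYOUTS` and `outcome` are constructed for illustration.

```python
ACCEPT, REJECT, IGNORE = "ACCEPT", "REJECT", "IGNORE"

# Should the chain keep going after an AuthBy returned result r?
POLICIES = {
    "ContinueWhileIgnore": lambda r: r == IGNORE,
    "ContinueUntilAccept": lambda r: r != ACCEPT,
}

def run_chain(policy, members, results):
    """Walk a Handler or AuthBy GROUP; return the result of the last AuthBy run.

    members: Identifier strings, or (policy, members) tuples for a nested GROUP.
    results: constructed map of Identifier -> result for one request.
    """
    last = IGNORE  # modelling assumption: an empty chain answers nothing
    for member in members:
        if isinstance(member, tuple):
            last = run_chain(member[0], member[1], results)
        else:
            last = results[member]
        if not POLICIES[policy](last):
            break
    return last

AUTH = ["niiVispAuthClear", "niiVispAuthCrypt",
        "niiSystemAuthClear", "niiSystemAuthCrypt", "niiAcct"]

LAYOUTS = {
    "original": ("ContinueUntilAccept", AUTH),
    "flat_reject": ("ContinueUntilAccept", AUTH + ["AlwaysReject"]),
    "grouped": ("ContinueWhileIgnore",
                [("ContinueUntilAccept", AUTH + ["AlwaysIgnore"]), "AlwaysReject"]),
}

def outcome(layout, overrides=None):
    # Constructed request: every password check fails and niiAcct ignores
    # Access-Requests (assumed), unless overrides says otherwise.
    results = {name: REJECT for name in AUTH}
    results.update({"niiAcct": IGNORE, "AlwaysReject": REJECT, "AlwaysIgnore": IGNORE})
    results.update(overrides or {})
    policy, members = LAYOUTS[layout]
    return run_chain(policy, members, results)

if __name__ == "__main__":
    for name in LAYOUTS:
        print(name, outcome(name), outcome(name, {"niiSystemAuthClear": ACCEPT}))
```

Under these assumptions both suggested layouts end in an explicit REJECT when nothing accepts, and both still return ACCEPT as soon as one AuthBy accepts.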