(RADIATOR) Putting PostAuthHook script in background.

Hugh Irvine hugh at open.com.au
Fri Feb 13 02:44:34 CST 2004


Hello Ziaur -

In my previous mail I mentioned that I would be inclined to use two 
instances of Radiator for this.

The first one should simply proxy the accounting starts and stops to 
the second instance and you should use IgnoreAccountingResponse in the 
AuthBy RADIUS clause. The second instance can then run your 
PostAuthHook.

This will let your first Radiator instance continue processing while 
the second instance deals with DynamicDNS.

First instance would look something like this:

# define Realm or Handler

<Realm .....>

	AuthByPolicy ContinueAlways

	<AuthBy RADIUS>
		.....

		Retries 0

		IgnoreAuthentication

		IgnoreAccountingResponse

	</AuthBy>

	# your normal AuthBy
	
	<AuthBy .....>
		.....
	</AuthBy>

</Realm>


And the second instance would look something like this:

<Handler>
	AccountingHandled
	<AuthBy INTERNAL>
		AcctResult ACCEPT
	</AuthBy>

	PostAuthHook ......
</Handler>


Hope that helps.

regards

Hugh


On 14 Feb 2004, at 10:56, Ziaur Rahman wrote:

>
> Well, actually I wrote a perl script which updates my DynamicDNS 
> server on
> specific users' login and logout. So, based on the Session Status I 
> update
> the DNS server (remote). The script does the following things step by 
> step:
>
> 1. On every call from PostAuthHook, it connects to a local mysql 
> database to
> see if the user is being enabled for DDNS or not.
> 2. If the user is disabled, it simply quits.
> 3. If the use is enabled, it checks the Acct-Status-Type attribute 
> supplied
> by radiator.
> 4. If the Acct-Status-Type is Start, it adds the Framed-IP-Address in 
> the
> DynamicDNS against the host registered for the user.
> 5. If the Acct-Status-Type is Stop, it removes the host record for that
> spacific user from the DNS.
>
> So, if for any reason, the remote DNS server cannot be reached, 
> radiator
> stalls. The irony is, it doesn't even resume operations once the DNS 
> server
> is back up. If I could even mention a timeout for the PostAuthHook 
> scripts
> response then it would be nice.
>
> Hope this explains.
>
> Regards,
>
> +---------------------------------------------------+
> | Ziaur Rahman           |       PGP Key: 0x8F30F439|
> | http://www.zort.org    |        http://pgp.mit.edu|
> |                        |                          |
> +---------------------------------------------------+
> .-.-.-.-.-.-.-.-.- Quote-o-moment .-.-.-.-.-.-.-.-.-.
>
> There are two types of people in this world, good and bad. The good 
> sleep
> better, but the bad seem to enjoy the waking hours much more. - Woody 
> Allen
>
> .-.-.-.-.-.-.-.-.- Quote-o-moment .-.-.-.-.-.-.-.-.-.
>
>
> -----Original Message-----
> From: Hugh Irvine [mailto:hugh at open.com.au]
> Sent: Thursday, February 12, 2004 11:00 PM
> To: Ziaur Rahman
> Cc: radiator at open.com.au
> Subject: Re: (RADIATOR) Putting PostAuthHook script in background.
>
>
> Hello Ziaur -
>
> Yes you are correct - Radiator will wait for the PostAuthHook to 
> complete
> before continuing.
>
> The correct answer to your question will depend on what else you are 
> doing
> and what your exact requirements are.
>
> You may find an AuthBy EXTERNAL clause or even a custom AuthBy clause 
> more
> useful. Alternatively you might be able to use a second instance of 
> Radiator
> and proxy those requests that need special treatment there.
>
> More details are required before I can suggest anything.
>
> regards
>
> Hugh
>
>
> On 14 Feb 2004, at 06:16, Ziaur Rahman wrote:
>
>>
>> Hi,
>>
>> Recently, I realised that when calling an external PostAuthHook perl
>> script, radiator waits for the script to finish. Or, if the hook
>> script calls another perl script to perform some job and if that
>> script, for some reason, stalls or waits for an exit, radiator also
>> stalls or freezes.
>>
>> My question: is there a way I can put the hook script in background?
>> Or maybe instruct radiator not to wait for the hook script to finish?
>>
>> TIA.
>>
>> Regards,
>>
>> +---------------------------------------------------+
>> | Ziaur Rahman           |       PGP Key: 0x8F30F439|
>> | http://www.zort.org    |        http://pgp.mit.edu|
>> |                        |                          |
>> +---------------------------------------------------+
>> .-.-.-.-.-.-.-.-.- Quote-o-moment .-.-.-.-.-.-.-.-.-.
>>
>> Results! Why man, I have gotten a lot of results. I know several
>> thousand things that won't work. - Thomas Alva Edison
>>
>> .-.-.-.-.-.-.-.-.- Quote-o-moment .-.-.-.-.-.-.-.-.-.
>>
>>
>> ===
>> Archive at http://www.open.com.au/archives/radiator/
>> Announcements on radiator-announce at open.com.au To unsubscribe, email
>> 'majordomo at open.com.au' with 'unsubscribe radiator' in the body of the
>> message.
>>
>>
>
> NB: have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
>
>

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list