(RADIATOR) AuthBy flow control
Hugh Irvine
hugh at open.com.au
Wed Aug 10 15:45:52 CDT 2005
Hello Andrew -
Is this what you are looking for?
<Handler Client-Identifier = VPN>
    AuthByPolicy ContinueUntilAccept
    #blacklist - accepts, but doesn't get an address, so effectively rejected
    <AuthBy FILE>
        Filename %D/blocked.txt
    </AuthBy>
    #guests
    <AuthBy GROUP>
        AuthByPolicy ContinueWhileAccept
        <AuthBy FILE>
            Filename %D/include/vpn.guest
        </AuthBy>
        <AuthBy DYNADDRESS>
            AddressAllocator noc-dhcp-allocator
            StripFromReply PoolHint
        </AuthBy>
    </AuthBy>
    #directory
    <AuthBy GROUP>
        AuthByPolicy ContinueWhileAccept
        # whitelist
        <AuthBy FILE>
            Filename %D/include/whitelist
        </AuthBy>
        <AuthBy LDAP2>
            Include %D/include/directory.cfg
            AuthAttrDef request
        </AuthBy>
        <AuthBy DYNADDRESS>
            AddressAllocator noc-dhcp-allocator
            StripFromReply PoolHint
        </AuthBy>
    </AuthBy>
    AcctLogFileName %L/detail
</Handler>
It's not exactly clear to me what your requirements are, so if the
above is not correct let me know.
regards
Hugh
On 11 Aug 2005, at 05:00, Andrew D. Clark wrote:
> Hi,
>
> I'm running Radiator 3.11. I've got an intractable (to me) problem in a
> particular handler. What I've got set up currently is a handler where VPN
> users get authenticated (or blacklisted) and then get allocated an address.
>
> <Handler Client-Identifier = VPN>
>     <AuthBy GROUP>
>         AuthByPolicy ContinueUntilAccept
>
>         #blacklist - accepts, but doesn't get an address, so effectively rejected
>         <AuthBy FILE>
>             Filename %D/blocked.txt
>         </AuthBy>
>
>         #guests
>         <AuthBy GROUP>
>             AuthByPolicy ContinueWhileAccept
>
>             <AuthBy FILE>
>                 Filename %D/include/vpn.guest
>             </AuthBy>
>
>             <AuthBy DYNADDRESS>
>                 AddressAllocator noc-dhcp-allocator
>                 StripFromReply PoolHint
>             </AuthBy>
>         </AuthBy>
>
>         #directory
>         <AuthBy GROUP>
>             AuthByPolicy ContinueWhileAccept
>
>             # whitelist
>             <AuthBy FILE>
>                 Filename %D/include/whitelist
>             </AuthBy>
>
>             <AuthBy LDAP2>
>                 Include %D/include/directory.cfg
>                 AuthAttrDef request
>             </AuthBy>
>
>             <AuthBy DYNADDRESS>
>                 AddressAllocator noc-dhcp-allocator
>                 StripFromReply PoolHint
>             </AuthBy>
>         </AuthBy>
>
>     </AuthBy>
>
>     AcctLogFileName %L/detail
>
> </Handler>
>
> If guest auth succeeds, I basically want to break at that point (or have the
> outer AuthByPolicy take effect, since I've succeeded), but since I need an
> AuthByPolicy of ContinueWhileAccept in the guest block to get address
> allocation (which needs to come after the AuthBy File to pick up the
> PoolHint), I end up continuing on to the next AuthBy Group, which ends up
> rejecting the request. I get similar fun if I swap the guests and the LDAP
> users around. Is there a way to get the flow-control I'm looking for?
>
> --
> Andrew Clark
> Campus Network Programmer
> University of California, Santa Barbara
> andrew.clark at ucsb.edu (805) 893-5311
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?