(RADIATOR) Handler/AuthBy clause composition

Frank Danielson fdanielson at csky.com
Wed Aug 17 22:26:40 CDT 2005


Hi Hugh-

Wouldn't the AuthBy RADIUS cause a problem with this because it immediately
returns an IGNORE to the group after forwarding the request? Or is the
behaviour different inside of an AuthBy GROUP clause?

I would have guessed that Chris would need either two different AuthBy
RADIUS clauses with their own AddToReply or a ReplyHook in the AuthBy RADIUS
that added the correct reply attribute based on the Identifier.

Either that or use the Synchronous directive in the AuthBy RADIUS which has
its own set of baggage.

-Frank

-----Original Message-----
From: Hugh Irvine [mailto:hugh at open.com.au]
Sent: Wednesday, August 17, 2005 6:32 PM
To: chills at ne-worcs.ac.uk
Cc: radiator at open.com.au
Subject: Re: (RADIATOR) Handler/AuthBy clause composition



Hello Chris -

Try something like this:


<AuthBy LDAP2>
    Identifier CheckLDAP
    ...
</AuthBy>

<AuthBy RADIUS>
    Identifier CheckRADIUS
    ...
</AuthBy>

<Handler Identifier=Site1-Switch>

    AuthByPolicy ContinueUntilAccept

    <AuthBy GROUP>
       AuthBy CheckLDAP
       AddToReply Tunnel-Private-Group-ID=21
    </AuthBy>

    <AuthBy GROUP>
       AuthBy CheckRADIUS
       AddToReply Tunnel-Private-Group-ID=22
    </AuthBy>

</Handler>

<Handler Identifier=Site1-Wap>

    AuthByPolicy ContinueUntilAccept

    <AuthBy GROUP>
       AuthBy CheckLDAP
       AddToReply Tunnel-Private-Group-ID=23
    </AuthBy>

    <AuthBy GROUP>
       AuthBy CheckRADIUS
       AddToReply Tunnel-Private-Group-ID=24
    </AuthBy>

</Handler>


regards

Hugh


On 18 Aug 2005, at 01:28, Chris Hills wrote:

> Hi
>
> I would like to use the same AuthBy clause, but specify some  
> different AddToReply attributes depending upon the Handler it is  
> used in.
>
> For example,
>
> <AuthBy LDAP2>
>    Identifier CheckLDAP
>    ...
> </AuthBy>
>
> <AuthBy RADIUS>
>    Identifier CheckRADIUS
>    ...
> </AuthBy>
>
> <Handler Identifier=Site1-Switch>
>    <AuthBy CheckLDAP>
>       ^ AddToReply Tunnel-Private-Group-ID=21
>
>    <AuthBy CheckRADIUS>
>       ^ AddToReply Tunnel-Private-Group-ID=22
> </Handler>
>
> <Handler Identifier=Site1-Wap>
>    <AuthBy CheckLDAP>
>       ^ AddToReply Tunnel-Private-Group-ID=23
>
>    <AuthBy CheckRADIUS>
>       ^ AddToReply Tunnel-Private-Group-ID=24
> </Handler>
>
> What is the best way to write this in the config file, without  
> having to resort to distinctive AuthBy clauses?
>
> Regards
>
> -- 
> Chris Hills                       | Tel: +44 (0)1527 572754
> IT Services                       | Fax: +44 (0)1527 572901
> North East Worcestershire College | Web: http://www.ne-worcs.ac.uk/
>
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>


NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.



