(RADIATOR) Comments and Suggestions needed

Mike McCauley mikem at open.com.au
Thu Feb 17 18:38:55 CST 2005


Hello Miko,

On Friday 18 February 2005 01:44, miko at yournetplus.com wrote:
> I think I may have found a problem, but a not sure how to test this yet.
> In running this as a PreAuthHook there may be a potential problem for
> configurations that have multiple AuthBys. If an AuthBy takes too much
> time to finish before reaching the modified AuthBy Radius and another
> packet comes in for the same Handler then the LocalAddress field could
> potentially be changd again could it not, before the first packet has
> finished and run through the AuthBy Radius???

I think that can only happen if the intervening AuthBy is an AuthBy RADIUS.

>
> Has there ever been a request for the ability to run a hook inside of an
> authby???
You can run a hook in an AuthBy INTERNAL, so you could have:

<AuthBy xxxx>
</AuthBy>
<AuthBy INTERNAL>
	RequestHook .... modify LocalAddress of AuthBy RADIUS
</AuthBy>
</AuthBy RADIUS>
</AuthBy>

Cheers.

>
> -Miko
>
> <----- Original Message ----->
> From: Mike McCauley <mikem at open.com.au>
> To: "miko at yournetplus.com" <miko at yournetplus.com>
> CC: radiator at open.com.au
> Sent: Friday, February 18, 2005 12:08:08 AM
> Subject: (RADIATOR) Comments and Suggestions needed
>
> > Helo Miko,
> >
> > On Friday 18 February 2005 00:47, miko at yournetplus.com wrote:
> >>Doing some experimenting lately and for our configuration we require that
> >>certain requests be sent out on different IP Addresses bound to our
> >> server when we Proxy using AuthBy Radius and AuthBy RoundRobin. Easy
> >> enough with the LocalAddress tag, however, we actually have several
> >> different IP addresses that are used, but nearly all of the AuthBy's are
> >> using identical information with the exception of LocalAddress. To help
> >> trim down maintenance time and lessen the amount of different AuthBys
> >> needed in the config I am trying to find a way to make LocalAddress a
> >> Dynamic value instead of Static. In doing some research on how you can
> >> change object parameters using MONITOR syntax I came up with this tidy
> >> little hook that I can call to do what needs to be done.
> >>
> >>PreAuthHook sub {                                     \
> >>my $authby = Radius::AuthGeneric::find('authbyid');   \
> >>$authby->set('LocalAddress','127.0.0.1');             \
> >>}
> >>
> >>Obviously my end script will use more dynamic references for the AuthBy
> >>Identifier and the IP Address being assigned, but that is the essential
> >>meat of the script above.
> >>
> >>So here's my question, can anyone see any caveats to doing this? and does
> >>anyone with a bit more programming/Radiator experience than I see any
> >>issues with changing the LocalAddress parameter on the fly for each
> >> radius packet that gets processed???
> >
> > I havent tried this but I think it should work. The effect of changing
> > the LocalAddress will be that AuthBy RADIUS will search for a different
> > outbound socket for each LocalAddress and create it if it does not exist.
> >
> > I think it should work.
> >
> > Cheers.
> >
> >>Thanks in Advance,
> >>Miko
> >>
> >>--
> >>Archive at http://www.open.com.au/archives/radiator/
> >>Announcements on radiator-announce at open.com.au
> >>To unsubscribe, email 'majordomo at open.com.au' with
> >>'unsubscribe radiator' in the body of the message.

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS etc.

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list