(RADIATOR) Comments and Suggestions needed

Mike McCauley mikem at open.com.au
Fri Feb 18 02:51:16 CST 2005


Hello Miko,


Although the LocalAddr will be set currectly for the first tranmsission, if 
the request has to be retransmitted to a different host, a new source socket 
will be chosen based on the value of LocalAddr in force at the time of 
sending to the next host.

It may work OK if there is only one Host in the AuthBy RADIUS.

Cheers.

On Friday 18 February 2005 01:44, miko at yournetplus.com wrote:
> I think I may have found a problem, but a not sure how to test this yet.
> In running this as a PreAuthHook there may be a potential problem for
> configurations that have multiple AuthBys. If an AuthBy takes too much
> time to finish before reaching the modified AuthBy Radius and another
> packet comes in for the same Handler then the LocalAddress field could
> potentially be changd again could it not, before the first packet has
> finished and run through the AuthBy Radius???
>
> Has there ever been a request for the ability to run a hook inside of an
> authby???
>
> -Miko
>
> <----- Original Message ----->
> From: Mike McCauley <mikem at open.com.au>
> To: "miko at yournetplus.com" <miko at yournetplus.com>
> CC: radiator at open.com.au
> Sent: Friday, February 18, 2005 12:08:08 AM
> Subject: (RADIATOR) Comments and Suggestions needed
>
> > Helo Miko,
> >
> > On Friday 18 February 2005 00:47, miko at yournetplus.com wrote:
> >>Doing some experimenting lately and for our configuration we require that
> >>certain requests be sent out on different IP Addresses bound to our
> >> server when we Proxy using AuthBy Radius and AuthBy RoundRobin. Easy
> >> enough with the LocalAddress tag, however, we actually have several
> >> different IP addresses that are used, but nearly all of the AuthBy's are
> >> using identical information with the exception of LocalAddress. To help
> >> trim down maintenance time and lessen the amount of different AuthBys
> >> needed in the config I am trying to find a way to make LocalAddress a
> >> Dynamic value instead of Static. In doing some research on how you can
> >> change object parameters using MONITOR syntax I came up with this tidy
> >> little hook that I can call to do what needs to be done.
> >>
> >>PreAuthHook sub {                                     \
> >>my $authby = Radius::AuthGeneric::find('authbyid');   \
> >>$authby->set('LocalAddress','127.0.0.1');             \
> >>}
> >>
> >>Obviously my end script will use more dynamic references for the AuthBy
> >>Identifier and the IP Address being assigned, but that is the essential
> >>meat of the script above.
> >>
> >>So here's my question, can anyone see any caveats to doing this? and does
> >>anyone with a bit more programming/Radiator experience than I see any
> >>issues with changing the LocalAddress parameter on the fly for each
> >> radius packet that gets processed???
> >
> > I havent tried this but I think it should work. The effect of changing
> > the LocalAddress will be that AuthBy RADIUS will search for a different
> > outbound socket for each LocalAddress and create it if it does not exist.
> >
> > I think it should work.
> >
> > Cheers.
> >
> >>Thanks in Advance,
> >>Miko
> >>
> >>--
> >>Archive at http://www.open.com.au/archives/radiator/
> >>Announcements on radiator-announce at open.com.au
> >>To unsubscribe, email 'majordomo at open.com.au' with
> >>'unsubscribe radiator' in the body of the message.

-- 
Mike McCauley                               mikem at open.com.au
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
9 Bulbul Place Currumbin Waters QLD 4223 Australia   http://www.open.com.au
Phone +61 7 5598-7474                       Fax   +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS etc.

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list