(RADIATOR) does a proxied radius response return via the proxy?

Hugh Irvine hugh at open.com.au
Thu Mar 10 08:30:02 CST 2005


Hello Tariq -

The proxy reply _should_ come back from the same IP address and port 
number the proxy request was sent to.

However, there are cases in which this does not happen.

To deal with this situation the best solution is to use 
"UseExtendedIds" in the AuthBy RADIUS clause(s).

And yes you can do post-processing of proxy responses using a ReplyHook 
- there is an example in "goodies/hooks.txt".

regards

Hugh


On 10 Mar 2005, at 13:03, Tariq Rashid wrote:

>
> just a quick question about proxying radius.
>
> when a radius proxy forwards a request onto the target radius servers,
> does the response necessarily return via the proxy server/device?
>
> i ask this because if i want to post-process replies from a radius
> server (the target of the proxying) i need to be sure that the reply
> packet will in fact be returning via the proxying server.
>
> the other possibility is that a proxied packet can have its target
> address rewritten to the target radius server but the reply is directly
> to the radius client (the source address is not rewritten). this is not
> entirely unlikely as radius is not a connection-oriented TCP protocol.
>
> advice / comments welcome.
>
> tariq
>
> ps - it is possible to do this post-processing in radiator? things like
> adding attributes, sanity checking some attributes?
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>

NB: I am travelling this week, so there may be delays in our 
correspondence.

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
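
As an added illustration (not part of the original message, and not Radiator's code): a simplified Python model of how a proxy matches replies to its outstanding requests, first by source address and identifier, then by an extended identifier. It assumes the extended identifier travels in a Proxy-State attribute, which RFC 2865 requires the target server to echo; the `EXT=<n>` value format, the `Proxy` class, the secret and the addresses are all constructed for this sketch.

```python
import hashlib, hmac, os, struct

SECRET = b"constructed-secret"  # constructed sample shared secret
PROXY_STATE = 33                # RFC 2865 attribute type, echoed by the server

def sign_reply(code, ident, req_auth, attrs, secret=SECRET):
    """Target server side: Response Authenticator per RFC 2865 section 3."""
    hdr = struct.pack("!BBH", code, ident, 20 + len(attrs))
    return hdr + hashlib.md5(hdr + req_auth + attrs + secret).digest() + attrs

def ext_id(attrs):
    """Return the hypothetical 'EXT=<n>' Proxy-State value, or None."""
    i = 0
    while i + 2 <= len(attrs):
        t, l = attrs[i], attrs[i + 1]
        if l < 2 or i + l > len(attrs):
            return None                      # malformed attribute list
        v = attrs[i + 2:i + l]
        if t == PROXY_STATE and v[:4] == b"EXT=" and v[4:].isdigit():
            return int(v[4:])
        i += l
    return None

class Proxy:
    def __init__(self, extended_ids):
        self.extended_ids, self.pending, self.seq = extended_ids, {}, 0

    def forward(self, dest):
        """Register a proxied request; returns (identifier, authenticator, attrs)."""
        n, req_auth = self.seq, os.urandom(16)
        self.seq += 1
        if self.extended_ids:
            v = b"EXT=%d" % n
            key, attrs = n, bytes([PROXY_STATE, len(v) + 2]) + v
        else:
            key, attrs = (dest, n % 256), b""
        self.pending[key] = req_auth
        return n % 256, req_auth, attrs

    def receive(self, src, pkt):
        """Match a reply to a pending request, then verify its authenticator."""
        if len(pkt) < 20 or struct.unpack("!H", pkt[2:4])[0] != len(pkt):
            return "drop: bad length"
        attrs = pkt[20:]
        key = ext_id(attrs) if self.extended_ids else (src, pkt[1])
        req_auth = self.pending.get(key)
        if req_auth is None:
            return "drop: no matching request"
        want = hashlib.md5(pkt[:4] + req_auth + attrs + SECRET).digest()
        if not hmac.compare_digest(want, pkt[4:20]):
            return "drop: bad authenticator"
        del self.pending[key]
        return "accept"
```

Once matching is no longer tied to the source address, the Response Authenticator check against the shared secret is the only thing that authenticates the reply, so it has to run before any post-processing of the reply.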
