(RADIATOR) multiple LDAP servers

Hugh Irvine hugh at open.com.au
Thu Sep 21 19:08:47 CDT 2006


Hello Jethro -

Unfortunately there is no easy way to do what you describe as the  
logging happens after all of the AuthBy clauses have been run.

Radiator doesn't keep track of the AuthBy sequence internally, other  
than the overall result.

Your only alternative is to use an AuthBy INTERNAL and write a hook to  
call your AuthBy clauses and log whatever you need.

There are numerous example hooks in "goodies/hooks.txt".

regards

Hugh


On 22 Sep 2006, at 09:03, Jethro R Binks wrote:

> On Thu, 21 Sep 2006, Rob Hunter wrote:
>
>> Any idea what the syntax for multiple LDAP servers is in the AuthBy
>> section of radius.cfg?
>>
>> currently I have:
>>
>> <radius.cfg>
>>        <AuthBy LDAP2>
>>                Host ldap.server.com
>>                Version 3
>> ...........
>> </snip>
>>
>> adding another 'Host' statement below that doesn't seem to give me any
>> error, and taking the first server offline doesn't produce the required
>> results. I'm not wanting to round-robin the requests, just have a
>> failover type scenario.
>
> I do something like this.  Essentially, we have something a bit like:
>
> <AuthBy GROUP>
>         Identifier      ldapservers
>         AuthBy          ldap1
>         AuthBy          ldap2
>         AuthBy          ldap3
> </AuthBy>
>
> There is an implicit ContinueWhileIgnore, which means if ldap1 was
> unavailable, then try the next.
>
> Previous to the above clause, you need to define the AuthBys:
>
> <AuthBy LDAP2>
>         Identifier      ldap1
>         Host            ldapservername
> 	... other ldap stuff, BaseDN, etc
>         NoDefault
> </AuthBy>
>
> The above notes are a bit quick, but might help; I actually want to ask
> another question which has just arisen for me.  Perhaps the answer is
> obvious, but it is too late for me to work it out for myself today!
>
> Having the above scenario, I want to log which ldap server actually gave
> the response we are using (ie, yes or no to a password check for a user
> in this case); I currently do things like:
>
> # Log authentication activities to a file
> <AuthLog FILE>
>         Identifier      authlog
> ...
>         LogSuccess      1
>         LogFailure      1
>         SuccessFormat %l OK   \
>                 client=%C clientip=%c clientident=%{Client:Identifier} \
>                 nasip=%N \
>                 requser=%u user=%U realm=%R pass=* \
>                 handler=%{Handler:Identifier} \
>                 rmessage=%{Reply:Reply-Message}
> ...
>
> I'd like to get the Identifier of the ultimate AuthBy clause which
> produced the answer in that log line too.
>
> Any obvious answer I've missed?
>
> Jethro.
>
>>
>> Regards
>>
>> --Rob
>>
>> --
>> Archive at http://www.open.com.au/archives/radiator/
>> Announcements on radiator-announce at open.com.au
>> To unsubscribe, email 'majordomo at open.com.au' with
>> 'unsubscribe radiator' in the body of the message.
>>
>
> . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
> Jethro R Binks
> Computing Officer, IT Services
> University Of Strathclyde, Glasgow, UK
>
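The failover behaviour Jethro describes (AuthBy GROUP with implicit ContinueWhileIgnore) and the logging gap Hugh points out are easy to see in a small model. The block below is an added example written for this archive page, not Radiator code: the backends, user and password are constructed, and it only mimics the dispatch order, recording which member produced the final answer so that the log line can carry it.

```python
"""Model of AuthBy GROUP failover as described in the thread.

Constructed example, not Radiator code: the real dispatcher is Perl.
Result names follow Radiator's ACCEPT / REJECT / IGNORE vocabulary.
"""
from dataclasses import dataclass
from typing import Callable, List, Optional, Tuple

ACCEPT, REJECT, IGNORE = "ACCEPT", "REJECT", "IGNORE"

@dataclass
class AuthBy:
    identifier: str                     # the Identifier of the clause
    check: Callable[[str, str], str]    # (user, password) -> result

def auth_group(members: List[AuthBy], user: str, password: str
               ) -> Tuple[str, Optional[str], List[str]]:
    """ContinueWhileIgnore semantics: members are tried in order; IGNORE
    (e.g. server unreachable) moves on to the next, the first ACCEPT or
    REJECT is final and later members are never consulted (failover, not
    round-robin). Returns (overall result, answering identifier or None,
    list of identifiers that were tried)."""
    tried: List[str] = []
    for m in members:
        tried.append(m.identifier)
        result = m.check(user, password)
        if result != IGNORE:
            return result, m.identifier, tried
    return IGNORE, None, tried          # every member ignored the request

def format_authlog(result: str, authby: Optional[str], user: str,
                   client: str) -> str:
    """Mirrors the SuccessFormat in the post, plus an authby= field that the
    group-level AuthLog cannot supply on its own (see Hugh's reply)."""
    status = "OK" if result == ACCEPT else "FAIL"
    return f"{status} client={client} user={user} authby={authby or '-'}"

# Constructed backends: ldap1 is offline (IGNORE), ldap2 holds one account,
# ldap3 would accept anyone but must never be reached while ldap2 answers.
def ldap1_offline(user: str, pw: str) -> str:
    return IGNORE

def ldap2_check(user: str, pw: str) -> str:
    return ACCEPT if (user, pw) == ("alice", "s3cret") else REJECT

MEMBERS = [AuthBy("ldap1", ldap1_offline),
           AuthBy("ldap2", ldap2_check),
           AuthBy("ldap3", lambda u, p: ACCEPT)]

if __name__ == "__main__":
    result, who, tried = auth_group(MEMBERS, "alice", "s3cret")
    print(format_authlog(result, who, "alice", "nas1"), "tried:", tried)
```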



NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.



