[RADIATOR] ContinueWhileReject

Hugh Irvine hugh at open.com.au
Mon Oct 27 17:59:38 CST 2008


Hello Toomas -

I'm not quite sure I understand what you are wanting to do.

It may be the case that you need two different AuthBy policies  
defined in one or more AuthBy GROUP's?

regards

Hugh


On 28 Oct 2008, at 00:43, Toomas Kärner wrote:

> Hi all,
>
> I'm a little unsure and want to confirm my theory.
> Currently I have a setup:
>
> <Handler >
>         AuthByPolicy ContinueUntilAccept
>     <AuthBy SQL>
>         Identifier MacWhiteList
>         ... try to find from whitelist...
>     </AuthBy>
>     #################################################
>     <AuthBy SQL>
>         Identifier Option82
>         ... try to find by option.82...
>     </AuthBy>
>     #################################################
>     <AuthBy INTERNAL>
>         Identifier AcceptAllBS
>         DefaultResult ACCEPT
>         AddToReply "some default failure profile in case we didn't
>         find anything from DB"
>     </AuthBy>
>     #################################################
> </Handler>
>
> Now, I had a SQL failure in that host and both AuthBy SQL's started
> returning "Ignore" request fell down to the "AcceptAllBS" which gave
> result "not found in DB" which was not desired result. Ignore was.
> I should use ContinueWhileReject as AuthByPolicy, right? (I have read
> already the manual, no need to paste, I just want to confirm).
> Desired result is that that radius shut's up (Ignores) and the network
> will discard it from use instead of giving out "bad" info that "not
> found in DB"...
>
> ############
> -> http://www.mail-archive.com/radiator@open.com.au/msg03049.html
> Hi Christian,
>
> also, perhaps you might consider that
> ContinueUntilAccept is (usually) indentical to ContinueWhile(ignore  
> or reject)
>
> Cheers.
> ############
> "usually" - :P
>
> Just as a study case - it caused the "faulty" radius server to
> continue serving clients and setting them up to be redirected to an
> "error page" when there really was no error in DB (in records).
>
>
> Rgds.
> Toomas
>
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator



NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/ 
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
Have you checked the RadiusExpert wiki:
http://www.open.com.au/wiki/index.php/Main_Page

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.





More information about the radiator mailing list