[RADIATOR] ContinueWhileReject

Toomas Kärner tomkar at estpak.ee
Tue Oct 28 00:29:16 CST 2008


Hello Hugh,

I forgot to mention that it's only one host in a farm of several. If
it has a problem (sql db dead) it should go quiet and then clients
will declare it dead and use the other remaining servers.
In my case (sql failure in that host) it did not go quiet but started
giving Access-Accept's defined in "Identifier AcceptAllBS". I'm not
saying that it performed badly - my config was like this
In short:
If I use ContinueWhileReject as AuthByPolicy will it exit in case of
SQL failure with a result IGNORE?

This AuthBy INTERNAL in the end is not meant for fallback in case of
DB failure. It's meant for new customers registration.

I hope I was clear enough this time ;)

Rgds.
Toomas

Tuesday, October 28, 2008, 1:59:38 AM, you wrote:

> Hello Toomas -

> I'm not quite sure I understand what you are wanting to do.

> It may be the case that you need two different AuthBy policies  
> defined in one or more AuthBy GROUP's?

> regards

> Hugh


> On 28 Oct 2008, at 00:43, Toomas Kärner wrote:

>> Hi all,
>>
>> I'm a little unsure and want to confirm my theory.
>> Currently I have a setup:
>>
>> <Handler >
>>         AuthByPolicy ContinueUntilAccept
>>     <AuthBy SQL>
>>         Identifier MacWhiteList
>>         ... try to find from whitelist...
>>     </AuthBy>
>>     #################################################
>>     <AuthBy SQL>
>>         Identifier Option82
>>         ... try to find by option.82...
>>     </AuthBy>
>>     #################################################
>>     <AuthBy INTERNAL>
>>         Identifier AcceptAllBS
>>         DefaultResult ACCEPT
>>         AddToReply "some default failure profile in case we didn't
>>         find anything from DB"
>>     </AuthBy>
>>     #################################################
>> </Handler>
>>
>> Now, I had a SQL failure in that host and both AuthBy SQL's started
>> returning "Ignore" request fell down to the "AcceptAllBS" which gave
>> result "not found in DB" which was not desired result. Ignore was.
>> I should use ContinueWhileReject as AuthByPolicy, right? (I have read
>> already the manual, no need to paste, I just want to confirm).
>> Desired result is that that radius shut's up (Ignores) and the network
>> will discard it from use instead of giving out "bad" info that "not
>> found in DB"...
>>
>> ############
>> -> http://www.mail-archive.com/radiator@open.com.au/msg03049.html
>> Hi Christian,
>>
>> also, perhaps you might consider that
>> ContinueUntilAccept is (usually) indentical to ContinueWhile(ignore  
>> or reject)
>>
>> Cheers.
>> ############
>> "usually" - :P
>>
>> Just as a study case - it caused the "faulty" radius server to
>> continue serving clients and setting them up to be redirected to an
>> "error page" when there really was no error in DB (in records).
>>
>>
>> Rgds.
>> Toomas
>>
>> _______________________________________________
>> radiator mailing list
>> radiator at open.com.au
>> http://www.open.com.au/mailman/listinfo/radiator



> NB:

> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive (www.open.com.au/archives/ 
> radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
> Have you checked the RadiusExpert wiki:
> http://www.open.com.au/wiki/index.php/Main_Page





More information about the radiator mailing list