[RADIATOR] ContinueWhileReject

Hugh Irvine hugh at open.com.au
Tue Oct 28 16:15:33 CST 2008


Hello Toomas -

Yes you should use ContinueWhileReject.

There are in fact 4 possible responses: Accept, Reject, Ignore, or Challenge.

regards

Hugh


On 28 Oct 2008, at 17:29, Toomas Kärner wrote:

> Hello Hugh,
>
> I forgot to mention that it's only one host in a farm of several. If
> it has a problem (sql db dead) it should go quiet and then clients
> will declare it dead and use the other remaining servers.
> In my case (sql failure in that host) it did not go quiet but started
> giving Access-Accept's defined in "Identifier AcceptAllBS". I'm not
> saying that it performed badly - my config was like this
> In short:
> If I use ContinueWhileReject as AuthByPolicy will it exit in case of
> SQL failure with a result IGNORE?
>
> This AuthBy INTERNAL in the end is not meant for fallback in case of
> DB failure. It's meant for new customers registration.
>
> I hope I was clear enough this time ;)
>
> Rgds.
> Toomas
>
> Tuesday, October 28, 2008, 1:59:38 AM, you wrote:
>
>> Hello Toomas -
>
>> I'm not quite sure I understand what you are wanting to do.
>
>> It may be the case that you need two different AuthBy policies
>> defined in one or more AuthBy GROUP's?
>
>> regards
>
>> Hugh
>
>
>> On 28 Oct 2008, at 00:43, Toomas Kärner wrote:
>
>>> Hi all,
>>>
>>> I'm a little unsure and want to confirm my theory.
>>> Currently I have a setup:
>>>
>>> <Handler >
>>>         AuthByPolicy ContinueUntilAccept
>>>     <AuthBy SQL>
>>>         Identifier MacWhiteList
>>>         ... try to find from whitelist...
>>>     </AuthBy>
>>>     #################################################
>>>     <AuthBy SQL>
>>>         Identifier Option82
>>>         ... try to find by option.82...
>>>     </AuthBy>
>>>     #################################################
>>>     <AuthBy INTERNAL>
>>>         Identifier AcceptAllBS
>>>         DefaultResult ACCEPT
>>>         AddToReply "some default failure profile in case we didn't
>>>         find anything from DB"
>>>     </AuthBy>
>>>     #################################################
>>> </Handler>
>>>
>>> Now, I had a SQL failure in that host and both AuthBy SQL's started
>>> returning "Ignore", so the request fell down to the "AcceptAllBS", which
>>> gave the result "not found in DB", which was not the desired result.
>>> Ignore was.
>>> I should use ContinueWhileReject as AuthByPolicy, right? (I have
>>> already read the manual, no need to paste, I just want to confirm.)
>>> The desired result is that that radius shuts up (Ignores) and the
>>> network will discard it from use instead of giving out "bad" info that
>>> "not found in DB"...
>>>
>>> ############
>>> -> http://www.mail-archive.com/radiator@open.com.au/msg03049.html
>>> Hi Christian,
>>>
>>> also, perhaps you might consider that
>>> ContinueUntilAccept is (usually) identical to ContinueWhile(ignore
>>> or reject)
>>>
>>> Cheers.
>>> ############
>>> "usually" - :P
>>>
>>> Just as a study case - it caused the "faulty" radius server to
>>> continue serving clients and setting them up to be redirected to an
>>> "error page" when there really was no error in DB (in records).
>>>
>>>
>>> Rgds.
>>> Toomas
>>>
>>> _______________________________________________
>>> radiator mailing list
>>> radiator at open.com.au
>>> http://www.open.com.au/mailman/listinfo/radiator
>
>
>
>> NB:
>
>> Have you read the reference manual ("doc/ref.html")?
>> Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
>> Have you had a quick look on Google (www.google.com)?
>> Have you included a copy of your configuration file (no secrets),
>> together with a trace 4 debug showing what is happening?
>> Have you checked the RadiusExpert wiki:
>> http://www.open.com.au/wiki/index.php/Main_Page
>
>
>




-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
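
The difference discussed in this thread, as an added Python sketch that is not from either poster and is not Radiator code: it walks the three AuthBy clauses from the quoted Handler under both policies. It assumes AuthBy SQL returns IGNORE when the database is unreachable (as reported in the thread) and REJECT when no row matches; the function names are hypothetical.

```python
# Simplified model of AuthByPolicy chaining (illustration only, not Radiator code).
ACCEPT, REJECT, IGNORE, CHALLENGE = "ACCEPT", "REJECT", "IGNORE", "CHALLENGE"
RESULTS = (ACCEPT, REJECT, IGNORE, CHALLENGE)

def keep_going(policy, result):
    """True if the handler should move on to the next AuthBy after `result`."""
    for prefix, continue_on_match in (("ContinueWhile", True), ("ContinueUntil", False)):
        target = policy[len(prefix):].upper()
        if policy.startswith(prefix) and target in RESULTS:
            return (result == target) == continue_on_match
    raise ValueError(f"policy not covered by this model: {policy}")

def sql_lookup(db_up, found):
    """Assumed AuthBy SQL behaviour: IGNORE when the database is unreachable,
    ACCEPT on a matching row, REJECT when there is no match."""
    if not db_up:
        return IGNORE
    return ACCEPT if found else REJECT

def run_handler(policy, db_up, in_whitelist=False, in_option82=False):
    """Walk the thread's three AuthBy clauses; return (final result, deciding Identifier)."""
    chain = [
        ("MacWhiteList", lambda: sql_lookup(db_up, in_whitelist)),
        ("Option82", lambda: sql_lookup(db_up, in_option82)),
        ("AcceptAllBS", lambda: ACCEPT),  # AuthBy INTERNAL, DefaultResult ACCEPT
    ]
    for identifier, auth_by in chain:
        result = auth_by()
        if not keep_going(policy, result):
            break
    return result, identifier

if __name__ == "__main__":
    for policy in ("ContinueUntilAccept", "ContinueWhileReject"):
        for label, kwargs in (
            ("db up, MAC whitelisted", dict(db_up=True, in_whitelist=True)),
            ("db up, unknown client", dict(db_up=True)),
            ("db down", dict(db_up=False)),
        ):
            print(f"{policy:20} {label:24} -> {run_handler(policy, **kwargs)}")
```

With the database down, ContinueUntilAccept falls through to AcceptAllBS and answers ACCEPT, while ContinueWhileReject stops at the first IGNORE, so the server stays silent and clients fail over to the rest of the farm.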




