[RADIATOR] ContinueWhileReject
Toomas Kärner
tomkar at estpak.ee
Wed Oct 29 08:39:04 CST 2008
Hello Hugh,
All ready in live.. from yesterday.
Thanks,
Toomas
Wednesday, October 29, 2008, 12:15:33 AM, you wrote:
> Hello Toomas -
> Yes you should use ContinueWhileReject.
> There are in fact 4 possible responses: Accept, Reject, Ignore, or
> Challenge.
> regards
> Hugh
> On 28 Oct 2008, at 17:29, Toomas Kärner wrote:
>> Hello Hugh,
>>
>> I forgot to mention that it's only one host in a farm of several. If
>> it has a problem (sql db dead) it should go quiet and then clients
>> will declare it dead and use the other remaining servers.
>> In my case (sql failure in that host) it did not go quiet but started
>> giving Access-Accept's defined in "Identifier AcceptAllBS". I'm not
>> saying that it performed badly - my config was like this
>> In short:
>> If I use ContinueWhileReject as AuthByPolicy will it exit in case of
>> SQL failure with a result IGNORE?
>>
>> This AuthBy INTERNAL in the end is not meant for fallback in case of
>> DB failure. It's meant for new customers registration.
>>
>> I hope I was clear enough this time ;)
>>
>> Rgds.
>> Toomas
>>
>> Tuesday, October 28, 2008, 1:59:38 AM, you wrote:
>>
>>> Hello Toomas -
>>
>>> I'm not quite sure I understand what you are wanting to do.
>>
>>> It may be the case that you need two different AuthBy policies
>>> defined in one or more AuthBy GROUP's?
>>
>>> regards
>>
>>> Hugh
>>
>>
>>> On 28 Oct 2008, at 00:43, Toomas Kärner wrote:
>>
>>>> Hi all,
>>>>
>>>> I'm a little unsure and want to confirm my theory.
>>>> Currently I have a setup:
>>>>
>>>> <Handler >
>>>> AuthByPolicy ContinueUntilAccept
>>>> <AuthBy SQL>
>>>> Identifier MacWhiteList
>>>> ... try to find from whitelist...
>>>> </AuthBy>
>>>> #################################################
>>>> <AuthBy SQL>
>>>> Identifier Option82
>>>> ... try to find by option.82...
>>>> </AuthBy>
>>>> #################################################
>>>> <AuthBy INTERNAL>
>>>> Identifier AcceptAllBS
>>>> DefaultResult ACCEPT
>>>> AddToReply "some default failure profile in case we didn't
>>>> find anything from DB"
>>>> </AuthBy>
>>>> #################################################
>>>> </Handler>
>>>>
>>>> Now, I had a SQL failure in that host and both AuthBy SQL's started
>>>> returning "Ignore" request fell down to the "AcceptAllBS" which gave
>>>> result "not found in DB" which was not desired result. Ignore was.
>>>> I should use ContinueWhileReject as AuthByPolicy, right? (I have
>>>> read
>>>> already the manual, no need to paste, I just want to confirm).
>>>> Desired result is that that radius shut's up (Ignores) and the
>>>> network
>>>> will discard it from use instead of giving out "bad" info that "not
>>>> found in DB"...
>>>>
>>>> ############
>>>> -> http://www.mail-archive.com/radiator@open.com.au/msg03049.html
>>>> Hi Christian,
>>>>
>>>> also, perhaps you might consider that
>>>> ContinueUntilAccept is (usually) indentical to ContinueWhile(ignore
>>>> or reject)
>>>>
>>>> Cheers.
>>>> ############
>>>> "usually" - :P
>>>>
>>>> Just as a study case - it caused the "faulty" radius server to
>>>> continue serving clients and setting them up to be redirected to an
>>>> "error page" when there really was no error in DB (in records).
>>>>
>>>>
>>>> Rgds.
>>>> Toomas
>>>>
>>>> _______________________________________________
>>>> radiator mailing list
>>>> radiator at open.com.au
>>>> http://www.open.com.au/mailman/listinfo/radiator
>>
>>
>>
>>> NB:
>>
>>> Have you read the reference manual ("doc/ref.html")?
>>> Have you searched the mailing list archive (www.open.com.au/archives/
>>> radiator)?
>>> Have you had a quick look on Google (www.google.com)?
>>> Have you included a copy of your configuration file (no secrets),
>>> together with a trace 4 debug showing what is happening?
>>> Have you checked the RadiusExpert wiki:
>>> http://www.open.com.au/wiki/index.php/Main_Page
>>
>>
>>
>> _______________________________________________
>> radiator mailing list
>> radiator at open.com.au
>> http://www.open.com.au/mailman/listinfo/radiator
> NB:
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive (www.open.com.au/archives/
> radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
> Have you checked the RadiusExpert wiki:
> http://www.open.com.au/wiki/index.php/Main_Page
More information about the radiator
mailing list