[RADIATOR] multiple AuthBy GROUPs
Hugh Irvine
hugh at open.com.au
Sun Oct 11 17:54:18 CDT 2009
Hello Matt -
I'm not sure I understand your question.
Here is what I get in testing:
<Handler>
AuthByPolicy ContinueAlways
<AuthBy GROUP>
Identifier Group1
AddToRequest OSC-Environment-Identifier = Group1
<AuthBy INTERNAL>
DefaultResult ACCEPT
</AuthBy>
</AuthBy>
<AuthBy GROUP>
Identifier Group2
AddToRequest OSC-Environment-Identifier = Group2
<AuthBy INTERNAL>
DefaultResult ACCEPT
</AuthBy>
</AuthBy>
<AuthBy GROUP>
Identifier Group3
AddToRequest OSC-Environment-Identifier = Group3
<AuthBy INTERNAL>
DefaultResult ACCEPT
</AuthBy>
</AuthBy>
<AuthBy RADIUS>
Host localhost
AuthPort 1812
AcctPort 1813
Secret mysecret
</AuthBy>
</Handler>
gives this result:
Mon Oct 12 09:48:37 2009: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 63821 ....
Code: Access-Request
Identifier: 67
Authentic: <222><147><137>A<127><197><159><14>8<182>J<248>0}<178><195>
Attributes:
User-Name = "mikem"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Identifier = "203.63.154.1"
NAS-Port = 1234
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
NAS-Port-Type = Async
User-Password = C<136>Kd<180><240>><11>f<175><254>k<168><217>Y<155>
Mon Oct 12 09:48:37 2009: DEBUG: Handling request with Handler ''
Mon Oct 12 09:48:37 2009: DEBUG: Deleting session for mikem,
203.63.154.1, 1234
Mon Oct 12 09:48:37 2009: DEBUG: Handling with Radius::AuthGROUP: Group1
Mon Oct 12 09:48:37 2009: DEBUG: Handling with AuthINTERNAL:
Mon Oct 12 09:48:37 2009: DEBUG: AuthBy GROUP result: ACCEPT, Fixed by
DefaultResult
Mon Oct 12 09:48:37 2009: DEBUG: Handling with Radius::AuthGROUP: Group2
Mon Oct 12 09:48:37 2009: DEBUG: Handling with AuthINTERNAL:
Mon Oct 12 09:48:37 2009: DEBUG: AuthBy GROUP result: ACCEPT, Fixed by
DefaultResult
Mon Oct 12 09:48:37 2009: DEBUG: Handling with Radius::AuthGROUP: Group3
Mon Oct 12 09:48:37 2009: DEBUG: Handling with AuthINTERNAL:
Mon Oct 12 09:48:37 2009: DEBUG: AuthBy GROUP result: ACCEPT, Fixed by
DefaultResult
Mon Oct 12 09:48:37 2009: DEBUG: Handling with Radius::AuthRADIUS
Mon Oct 12 09:48:37 2009: DEBUG: AuthBy RADIUS creates new local
socket '0.0.0.0:0' for sending requests
Mon Oct 12 09:48:37 2009: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 1812 ....
Code: Access-Request
Identifier: 1
Authentic: <222><147><137>A<127><197><159><14>8<182>J<248>0}<178><195>
Attributes:
User-Name = "mikem"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Identifier = "203.63.154.1"
NAS-Port = 1234
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
NAS-Port-Type = Async
User-Password = C<136>Kd<180><240>><11>f<175><254>k<168><217>Y<155>
OSC-Environment-Identifier = "Group1"
OSC-Environment-Identifier = "Group2"
OSC-Environment-Identifier = "Group3"
....
regards
Hugh
On 11 Oct 2009, at 23:25, Matt wrote:
> Hi,
>
> In a previous post, i've seen the below suggested to make use of
> AddToRequest as "place holders".
> It would appear that although the request works its way through all
> GROUPs, only the first AddToRequest gets applied. So in a
> PostAuthHook for example, regardless of which GROUP authenticates
> the user, I only ever see the value of AuthBy1 in the first GROUP.
> Am I missing something here ?
>
> Thanks in advance.. Matt.
>
>
> <Handler ....>
> AuthByPolicy .....
> <AuthBy GROUP>
> <AuthBy LDAP2>
> .....
> </AuthBy>
> AddToRequest AuthBy1 = LDAP2
>
> </AuthBy>
> <AuthBy GROUP>
> <AuthBy SQL>
> .....
> </AuthBy>
> AddToRequest AuthBy2 = SQL
> </AuthBy>
> .....
> </Handler>
>
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator
)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
Have you checked the RadiusExpert wiki:
http://www.open.com.au/wiki/index.php/Main_Page
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
More information about the radiator
mailing list