[RADIATOR] loop avoidance with Handler and Client Identifier
Heikki Vatiainen
hvn at archred.com
Fri Apr 9 10:42:52 CDT 2010
On 04/09/2010 05:57 PM, Alan Buxey wrote:
> I recall , in the past, seeing a resource either in email or on the web
> that used a method of NAS-Identifier to stop a Handler sending authentications
> back to a realm from whence they ame - ie avoid authentication loops.
I think this might be it:
<Handler NAS-Identifier=/^(?!nasid)/>
Also Client-Identifier can be used here instead of NAS-Identifier. That
is use something like:
<Client>
Identifier clientid
</Client>
And the use Client-Identifier=/^(?!clientid)/ with the Handler.
> can anyone prod my memory or even verride that resource with their best practice?
See Radiator's ref-4.6.pdf Section 13.1.36 and search ?! for an example.
Also eduroam cookbook has an example, you can find it below. Search for
?! or see section 3.1.1.4
http://www.eduroam.org/index.php?p=europe&s=docs
--
Heikki Vatiainen, Arch Red Oy
+358 44 087 6547
More information about the radiator
mailing list