[RADIATOR] using OR in handlers

Hugh Irvine hugh at open.com.au
Mon Jun 7 05:39:46 CDT 2010


Hello Peter -

I personally prefer to keep my configuration files as clear as possible, so I typically do something like this:


…..

<AuthBy SQL>
	Identifier InnerAuth
	…..
</Authby>

…..

# TTLS

<Handler TunnelledByTTLS - 1>
	AuthBy InnerAuth
	…..
</Handler>

# PEAP

<Handler TunnelledByPEAP - 1>
	AuthBy InnerAuth
	…..
</Handler>

# EAP outer

<Handler EAP-Message = /.+/>
	…..
</Handler>

#everything else

<Handler>
	…..
</Handler>

…..

As shown above, if there are common elements I use Identifiers and reuse those clause(s).

hope that helps

regards

Hugh


On 7 Jun 2010, at 06:23, Peter Havekes wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
> 
> Hello,
> 
> Can I combine checklist items in a <HANDLER> in a way that would make
> the handler match if one of the items matches. Something like
> 
> <HANDLER (Called-Station-Id=/.*mynetwork.*/,Realm=mydomain.tld) OR
> (TunnelledByPEAP=1) OR (TunnelledByTTLS=1)>
> 
> I'm asking this because I've edited the eap_edir_up.cfg to authenticate
> both TTLS and PEAP, but I can't ise <REALM Default> because the server
> processes other (non eap) requests.
> 
> I now have three idintical handlers, one for each of the checklists
> above, but that isn't the most effective way to accomplish this.
> 
> 
> 
> - --
> 
> Peter Havekes
> ICT-Ontwikkeling & AVANS-CSIRT
> Avans Hogeschool
> Onderwijsboulevard 215
> 5223 DE 's-Hertogenbosch
> Telefoon    0736 295 592
> Mobiel      0612917383
> Fax         0736295488
> email/msn   p.havekes at avans.nl
> 
> 
> 
> - - Have you got anything without Spam in it?
> - - Well, there's Spam egg sausage and Spam, that's not got much Spam in it.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
> 
> iQEcBAEBAgAGBQJMDMi1AAoJEN+XNdyDF60NJnoH/3bpwGc6bPNwe59xuMikTKw0
> a1+6bTEbyZop8h6fFQEyGDn8Wmzmc3BcqXMKk2tgHwOKf1PqR5gm+M5nj9xHrLX/
> lExiFldBo6P8jtA/f1XjRvmWcH6foddP0axsYOOXn7FqWCI4fl87FchUM6EicwTm
> jAW/T/sBCTip/nmf4CgrG2Hwl68AGvnPT6xxGyQaHebb+9mTl61OThFRObFmj5Cn
> MBjQSIYQh3Cfdd4CLEAWljyU9hj81phQqjb1q0WJooq1Kgeq6bUFbBTB7M8PE6rr
> emw7JP/yjTWNRNkxPKWVNtMDRvj52Yy97P4FGgYJgEtXr/tPjRLblhxkFScVzm0=
> =5f2D
> -----END PGP SIGNATURE-----
> --------------------------------------------------------------------------- 
> Op deze e-mail zijn de volgende voorwaarden van toepassing: 
> The following conditions apply to this e-mail: 
> http://emaildisclaimer.avans.nl 
> --------------------------------------------------------------------------- 
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator



NB: 

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets), 
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.





More information about the radiator mailing list