[RADIATOR] using OR in handlers
Hugh Irvine
hugh at open.com.au
Mon Jun 7 05:39:46 CDT 2010
Hello Peter -
I personally prefer to keep my configuration files as clear as possible, so I typically do something like this:
…..
<AuthBy SQL>
Identifier InnerAuth
…..
</Authby>
…..
# TTLS
<Handler TunnelledByTTLS - 1>
AuthBy InnerAuth
…..
</Handler>
# PEAP
<Handler TunnelledByPEAP - 1>
AuthBy InnerAuth
…..
</Handler>
# EAP outer
<Handler EAP-Message = /.+/>
…..
</Handler>
#everything else
<Handler>
…..
</Handler>
…..
As shown above, if there are common elements I use Identifiers and reuse those clause(s).
hope that helps
regards
Hugh
On 7 Jun 2010, at 06:23, Peter Havekes wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hello,
>
> Can I combine checklist items in a <HANDLER> in a way that would make
> the handler match if one of the items matches. Something like
>
> <HANDLER (Called-Station-Id=/.*mynetwork.*/,Realm=mydomain.tld) OR
> (TunnelledByPEAP=1) OR (TunnelledByTTLS=1)>
>
> I'm asking this because I've edited the eap_edir_up.cfg to authenticate
> both TTLS and PEAP, but I can't ise <REALM Default> because the server
> processes other (non eap) requests.
>
> I now have three idintical handlers, one for each of the checklists
> above, but that isn't the most effective way to accomplish this.
>
>
>
> - --
>
> Peter Havekes
> ICT-Ontwikkeling & AVANS-CSIRT
> Avans Hogeschool
> Onderwijsboulevard 215
> 5223 DE 's-Hertogenbosch
> Telefoon 0736 295 592
> Mobiel 0612917383
> Fax 0736295488
> email/msn p.havekes at avans.nl
>
>
>
> - - Have you got anything without Spam in it?
> - - Well, there's Spam egg sausage and Spam, that's not got much Spam in it.
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG v1.4.10 (GNU/Linux)
> Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org/
>
> iQEcBAEBAgAGBQJMDMi1AAoJEN+XNdyDF60NJnoH/3bpwGc6bPNwe59xuMikTKw0
> a1+6bTEbyZop8h6fFQEyGDn8Wmzmc3BcqXMKk2tgHwOKf1PqR5gm+M5nj9xHrLX/
> lExiFldBo6P8jtA/f1XjRvmWcH6foddP0axsYOOXn7FqWCI4fl87FchUM6EicwTm
> jAW/T/sBCTip/nmf4CgrG2Hwl68AGvnPT6xxGyQaHebb+9mTl61OThFRObFmj5Cn
> MBjQSIYQh3Cfdd4CLEAWljyU9hj81phQqjb1q0WJooq1Kgeq6bUFbBTB7M8PE6rr
> emw7JP/yjTWNRNkxPKWVNtMDRvj52Yy97P4FGgYJgEtXr/tPjRLblhxkFScVzm0=
> =5f2D
> -----END PGP SIGNATURE-----
> ---------------------------------------------------------------------------
> Op deze e-mail zijn de volgende voorwaarden van toepassing:
> The following conditions apply to this e-mail:
> http://emaildisclaimer.avans.nl
> ---------------------------------------------------------------------------
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.
More information about the radiator
mailing list