[RADIATOR] How to implement Copy mode

Hugh Irvine hugh at open.com.au
Wed Mar 10 16:18:08 CST 2010 

Hello Carlos -

Yes you can change the order of the AuthBy clauses and use AccountingHandled:

.....

# process accounting requests

<Handler Request-Type = Accounting-Request>

	AccountingHandled

	AuthByPolicy ContinueAlways

	<AuthBy SQL>
		.....
	</AuthBy>

	<AuthBy RADIUS>
		IgnoreAccountingResponse
		.....
	</AuthBy>

</Handler>

# process authentication requests

<Handler>

	<AuthBy SQL>
		.....
	</AuthBy>

</Handler>

.....

This will cause Radiator to reply to the NAS with an accounting response immediately, and ignore any accounting response from the proxy target.

StripFromReply and AddToReply operate on the reply packet that is being prepared to be sent back to the NAS.

regards

Hugh


On 10 Mar 2010, at 23:27, Carlos Parada wrote:

> Hi all,
> 
> Thanks for the answer, but I have a little additional problem (in the previous mail my answer was too quick ;) )
> A have the requirement that I will only forward the response to the NAS, IF the auth/acc plug-in (FREERADIUSSQL) has a response - the response could not exist under some circumstances (I will change the original code).
> For this reason, I need to go to the auth/acc first in the SQL, and then forward in case of Acc response.
> The problem is that using the IgnoreAccountingResponse in the RAdIUS authby, the Radiator does not respond to the NAS (is there any way of responding the result of the previous AuthBy?)
> To overtake this, I've tries the use of the AccountingHandled flag at the handler level, but it is not clear for me what are the implications. When I use features such as StripFromReply or AddToReply, what are the base packet that is considered? Any clues?
> 
> Regards,
> Carlos Parada
> 
> -----Original Message-----
> From: Hugh Irvine [mailto:hugh at open.com.au] 
> Sent: terça-feira, 9 de Março de 2010 23:01
> To: Carlos Parada
> Cc: radiator at open.com.au
> Subject: Re: [RADIATOR] How to implement Copy mode
> 
> 
> Hello Carlos -
> 
> Try somehting like this:
> 
> 
> # process accounting requests
> 
> <Handler Request-Type = Accounting-Request>
> 
> 	AuthByPolicy ContinueAlways
> 
> 	<AuthBy RADIUS>
> 		IgnoreAccountingResponse
> 		.....
> 	</AuthBy>
> 
> 	<AuthBy SQL>
> 		.....
> 	</AuthBy>
> 
> </Handler>
> 
> # process authentication requests
> 
> <Handler>
> 
> 	<AuthBy SQL>
> 		.....
> 	</AuthBy>
> 
> </Handler>
> 
> 
> See section 5.30.27 in the Radiator 4.6 reference manual ("doc/ref.pdf").
> 
> regards
> 
> Hugh
> 
> 
> On 9 Mar 2010, at 23:36, Carlos Parada wrote:
> 
>> Hi all,
>> 
>> I would like to implement a handler for authentication/accounting based on an SQL database.
>> Additionally, I would like to forward requests to another server in copy mode (copy mode means 
>> I should not expect any response - I will not have one). However, I nevertheless would like that my 
>> Radiator respond to requets back (to the NAS). I want to authentication/accounting first and only
>> then forward to the server in copy mode.
>> 
>> However, it is not clear for me how to do this, because there seems no way to say radiator to 
>> not expect any response (only forward it). Expecting that response would result probably in a large
>> memory comsuption,  because of the proxy state storages.
>> 
>> Any tips about how to implement this?
>> 
>> Carlos Parada 
>> 
>> 
>> _______________________________________________
>> radiator mailing list
>> radiator at open.com.au
>> http://www.open.com.au/mailman/listinfo/radiator
> 
> 
> 
> NB: 
> 
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets), 
> together with a trace 4 debug showing what is happening?
> 
> -- 
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> Includes support for reliable RADIUS transport (RadSec),
> and DIAMETER translation agent.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
> 
> 
> 
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator



NB: 

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets), 
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.

More information about the radiator mailing list