[RADIATOR] AcctInsertQuery for Authby RADIUS

Jeffrey Lee jleefw at gmail.com
Wed Feb 16 17:03:05 CST 2011 

hi Christian, thanks for the suggestion. You're right, your suggestion
is the simplest to implement, neat and easy to maintain.
whilst, the method suggested by Michael and Remo allows the AuthBy to
be reused by other realms that need the same processing policy.

if i have a handler/realm tag that uses regex?
for example, i have <Realm ^abc(def)?\//i> (which should process any
incoming requests with abc/user or abcdef/user, how will this appear
in the handler tag? will it be <Handler realm=^abc(def)?\//i> , or
this is not possible and it must be for specific matches?



On Thu, Feb 17, 2011 at 8:39 AM, Christian Kratzer <ck at cksoft.de> wrote:
> Hi,
>
> On Wed, 16 Feb 2011, Jeffrey Lee wrote:
>
>> I tried adding <AuthBy SQL> after <AuthBy RADIUS> but as soon as
>> <AuthBy RADIUS> is executed, <AuthBy SQL> will not be executed.
>
> <AuthBy RADIUS> will always return an ignore as it dispatches the
> radius request and processes the answer asyncronously.
>
>> Can you actually place <AuthBy SQL> within a <AuthBy RADIUS>?
>
> You can place both AuthBy below each other inside the handler
> and set the appropriate AuthByPolicy (Manual Section 5.24.1) to do
> what you want.
>
> You will not need an AuthBy GROUP for a simple case as a Handler already
> implements the same functionality as an AuthBy GROUP.
>
>> What I'm trying to achieve is to log the RADIUS accounting records
>> locally (start, stop & alive) for realms that need to be authenticated
>> by another RADIUS server. How can I achieve that?
>
> something like this should do the trick:
>
>        <Handler Realm=foo>
>                AuthByPolicy ContinueWhileIgnore
>
>                <AuthBy RADIUS>
>                        ...
>                </AuthBy>
>
>                <AuthBy SQL>
>                        IgnoreAuthentication
>                        ...
>                </AuthBy>
>
>        </Handler>
>
> The <AuthBy RADIUS> will always proxy your requests and will return ignore.
>
> The AuthBy SQL will be called but will only handle accounting as you have
> configured IgnoreAuthentication.
>
> There are many possible variations but I think above is the simplest.
>
> Greetings
> Christian
>
> --
> Christian Kratzer                      CK Software GmbH
> Email:   ck at cksoft.de                  Wildberger Weg 24/2
> Phone:   +49 7032 893 997 - 0          D-71126 Gaeufelden
> Fax:     +49 7032 893 997 - 9          HRB 245288, Amtsgericht Stuttgart
> Web:     http://www.cksoft.de/         Geschaeftsfuehrer: Christian Kratzer
>

More information about the radiator mailing list