[RADIATOR] AcctInsertQuery for Authby RADIUS

Hugh Irvine hugh at open.com.au
Wed Feb 16 17:49:21 CST 2011


Hello Jeff -

You should not mix Handlers and Realms in the same configuration file, as Realms are always evaluated before Handlers.

If you are going to change from Realms to Handlers, I suggest you use separate Handlers for authentication and accounting:

…..

# accounting

<Handler Request-Type = Accounting-Request, User-Name = /..../>

	……

</Handler>

# authentication

<Handler User-Name = /.../>

	…..

</Handler>

…..

FYI - I also suggest you use "User-Name = /.../" instead of "Realm = /..../" as you then have greater control with the regexp.

regards

Hugh


On 17 Feb 2011, at 10:03, Jeffrey Lee wrote:

> Hi Christian, thanks for the suggestion. You're right, your suggestion
> is the simplest to implement, neat and easy to maintain.
> Whilst the method suggested by Michael and Remo allows the AuthBy to
> be reused by other realms that need the same processing policy.
> 
> If I have a handler/realm tag that uses regex?
> For example, I have <Realm ^abc(def)?\//i> (which should process any
> incoming requests with abc/user or abcdef/user), how will this appear
> in the handler tag? Will it be <Handler realm=^abc(def)?\//i> , or
> is this not possible and it must be for specific matches?
> 
> 
> 
> On Thu, Feb 17, 2011 at 8:39 AM, Christian Kratzer <ck at cksoft.de> wrote:
>> Hi,
>> 
>> On Wed, 16 Feb 2011, Jeffrey Lee wrote:
>> 
>>> I tried adding <AuthBy SQL> after <AuthBy RADIUS> but as soon as
>>> <AuthBy RADIUS> is executed, <AuthBy SQL> will not be executed.
>> 
>> <AuthBy RADIUS> will always return an ignore as it dispatches the
>> radius request and processes the answer asynchronously.
>> 
>>> Can you actually place <AuthBy SQL> within a <AuthBy RADIUS>?
>> 
>> You can place both AuthBy below each other inside the handler
>> and set the appropriate AuthByPolicy (Manual Section 5.24.1) to do
>> what you want.
>> 
>> You will not need an AuthBy GROUP for a simple case as a Handler already
>> implements the same functionality as an AuthBy GROUP.
>> 
>>> What I'm trying to achieve is to log the RADIUS accounting records
>>> locally (start, stop & alive) for realms that need to be authenticated
>>> by another RADIUS server. How can I achieve that?
>> 
>> something like this should do the trick:
>> 
>>        <Handler Realm=foo>
>>                AuthByPolicy ContinueWhileIgnore
>> 
>>                <AuthBy RADIUS>
>>                        ...
>>                </AuthBy>
>> 
>>                <AuthBy SQL>
>>                        IgnoreAuthentication
>>                        ...
>>                </AuthBy>
>> 
>>        </Handler>
>> 
>> The <AuthBy RADIUS> will always proxy your requests and will return ignore.
>> 
>> The AuthBy SQL will be called but will only handle accounting as you have
>> configured IgnoreAuthentication.
>> 
>> There are many possible variations but I think above is the simplest.
>> 
>> Greetings
>> Christian
>> 
>> --
>> Christian Kratzer                      CK Software GmbH
>> Email:   ck at cksoft.de                  Wildberger Weg 24/2
>> Phone:   +49 7032 893 997 - 0          D-71126 Gaeufelden
>> Fax:     +49 7032 893 997 - 9          HRB 245288, Amtsgericht Stuttgart
>> Web:     http://www.cksoft.de/         Geschaeftsfuehrer: Christian Kratzer
>> 
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
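
The two suggestions in this thread combined into one configuration, as an added example that is not from any of the posters: separate accounting and authentication Handlers matched on User-Name, with the accounting Handler proxying and then logging locally. The host name, secrets, database settings and table/column names are placeholders, and the regex is the one from Jeffrey's question, assumed to be accepted in the `/.../i` form Hugh describes.

```conf
# Added example. All hosts, secrets, DB credentials and column names
# below are placeholders, not values from the thread.

# Accounting for abc/user and abcdef/user: proxy upstream, then log locally.
# Handlers are tried in file order and the first match wins, so this
# more specific Handler must come before the authentication Handler.
<Handler Request-Type=Accounting-Request, User-Name=/^abc(def)?\//i>
    # AuthBy RADIUS returns IGNORE after dispatching the proxied request,
    # so keep going to the next AuthBy while the result is IGNORE.
    AuthByPolicy ContinueWhileIgnore

    <AuthBy RADIUS>
        Host upstream-radius.example.com
        Secret CHANGE_ME_UPSTREAM_SECRET
        AuthPort 1812
        AcctPort 1813
    </AuthBy>

    <AuthBy SQL>
        DBSource dbi:mysql:radius
        DBUsername radiator
        DBAuth CHANGE_ME_DB_PASSWORD
        # Accounting only: never answer authentication from this clause
        IgnoreAuthentication
        AccountingTable ACCOUNTING
        AcctColumnDef USERNAME,User-Name
        AcctColumnDef TIME_STAMP,Timestamp,integer
        AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
        AcctColumnDef ACCTSESSIONID,Acct-Session-Id
        AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
    </AuthBy>
</Handler>

# Authentication for the same users: proxy only, no local SQL lookup.
<Handler User-Name=/^abc(def)?\//i>
    <AuthBy RADIUS>
        Host upstream-radius.example.com
        Secret CHANGE_ME_UPSTREAM_SECRET
        AuthPort 1812
        AcctPort 1813
    </AuthBy>
</Handler>
```

Keep the shared secrets and the database password out of world-readable files, and check the Radiator log at startup to confirm that both Handler lines parsed before relying on the regex match.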


