[RADIATOR] Fidelio authentication module: Some suggestions
Ralf Ertzinger
re at addix.net
Mon May 9 02:24:08 CDT 2011
Hi all.
As mentioned some time ago we have a customer interested in using
Radiator to authenticate against an existing Micros Fidelio infrastructure.
Last week I was finally able to do an on site visit to test the basic
functionality of the system.
Good news first: the Fidelio connector worked as expected, it was able
to connect to the Fidelio system without too much trouble and get the
guest data, and I was able to successfully authenticate against the
Radius server using that data.
All tests were done using a TCP connection to the Fidelio server.
However, there are some minor problems I would love to get out of the way.
- Reload failure
When Radiator is reloaded using SIGHUP it throws away it's internal copy
of the Fidelio database. However, it does not cleanly shut down the TCP
connection, and it also does not send a LE (link end) message to the
Fildelio system.
When Radiator then reconnects to the Fidelio server the latter does
not consider the connection as "new", and assumes that the Radius
server already has a copy of the database. So the Radius server does
not receive a new copy of the database and ends up with no data at
all.
Suggested fix (as recommended by the Micros engineer on site with
me): either send a LE (link end) record on connection shutdown,
or completely close the TCP connection. Preferrably both.
Workaround: do a complete restart of the Radius server
- Keepalive
When the network connection between the Radius server and the Fidelio
server fails for some reason the Fidelio server aggressively times out
and closes the TCP connection when it cannot send database updates.
The Radius server may not notice this in a timely manner and thus may
not receive database update messages.
Suggested fix (as recommended by the Micros engineer on site with
me): have the Radius server send LS (link start) messages in regular
intervals and wait for the Fidelio system to answer with LA (link alive).
Workaround: this can be somewhat worked around by sending accounting
messages to the Fidelio system (in this particular setup accounting to
the Fidelio system is not part of the planned setup). Failure to send
an accounting message will cause a restart of the connection.
- Data mangle hook
This is more of a "nice to have". Provide a hook to mangle data received
from the Fidelio system before it is entered into the internal Radiator
database. Primary use case (for me) would be to lower case the guest
names.
I think I can provide a patch for the last point, but I have not found
an easy hook into the system reload functionality (from a module point
of view) or a way to regularily call a function from a module. If someone
could point me in the right direction I'd be quite grateful.
--
ADDIX Internet Services GmbH | Kaistr. 101 | D-24114 Kiel | www.addix.net
mail: re at addix.net / Tel. +49 431 7755 140 \ GF: Karlheinz Hagen
HR: AG Kiel HRB 5992 / Fax. +49 431 7755 107 \ GF: Björn Schwarze
Dresdner Bank | BLZ 210 800 50 | Kto 010 720 920 0 | UST-ID DE223571139
More information about the radiator
mailing list