[RADIATOR] Fidelio authentication module: Some suggestions

Ralf Ertzinger re at addix.net
Mon May 9 02:24:08 CDT 2011


Hi all.

As mentioned some time ago we have a customer interested in using
Radiator to authenticate against an existing Micros Fidelio infrastructure.

Last week I was finally able to do an on site visit to test the basic
functionality of the system.

Good news first: the Fidelio connector worked as expected, it was able
to connect to the Fidelio system without too much trouble and get the
guest data, and I was able to successfully authenticate against the
Radius server using that data.

All tests were done using a TCP connection to the Fidelio server.

However, there are some minor problems I would love to get out of the way.

- Reload failure
   When Radiator is reloaded using SIGHUP it throws away it's internal copy
   of the Fidelio database. However, it does not cleanly shut down the TCP
   connection, and it also does not send a LE (link end) message to the
   Fildelio system.
   When Radiator then reconnects to the Fidelio server the latter does
   not consider the connection as "new", and assumes that the Radius
   server already has a copy of the database. So the Radius server does
   not receive a new copy of the database and ends up with no data at
   all.

   Suggested fix (as recommended by the Micros engineer on site with
   me): either send a LE (link end) record on connection shutdown,
   or completely close the TCP connection. Preferrably both.

   Workaround: do a complete restart of the Radius server


- Keepalive
   When the network connection between the Radius server and the Fidelio
   server fails for some reason the Fidelio server aggressively times out
   and closes the TCP connection when it cannot send database updates.
   The Radius server may not notice this in a timely manner and thus may
   not receive database update messages.

   Suggested fix (as recommended by the Micros engineer on site with
   me): have the Radius server send LS (link start) messages in regular
   intervals and wait for the Fidelio system to answer with LA (link alive).

   Workaround: this can be somewhat worked around by sending accounting
   messages to the Fidelio system (in this particular setup accounting to
   the Fidelio system is not part of the planned setup). Failure to send
   an accounting message will cause a restart of the connection.


- Data mangle hook
   This is more of a "nice to have". Provide a hook to mangle data received
   from the Fidelio system before it is entered into the internal Radiator
   database. Primary use case (for me) would be to lower case the guest
   names.


I think I can provide a patch for the last point, but I have not found
an easy hook into the system reload functionality (from a module point
of view) or a way to regularily call a function from a module. If someone
could point me in the right direction I'd be quite grateful.

-- 
  ADDIX Internet Services GmbH | Kaistr. 101 | D-24114 Kiel | www.addix.net
mail: re at addix.net     /    Tel. +49 431 7755 140   \    GF: Karlheinz Hagen
HR: AG Kiel HRB 5992  /     Fax. +49 431 7755 107    \    GF: Björn Schwarze
  Dresdner Bank | BLZ 210 800 50  | Kto 010 720 920 0  | UST-ID DE223571139


More information about the radiator mailing list