[RADIATOR] multiple hosts

David Zych dmrz at illinois.edu
Mon Nov 28 13:24:47 CST 2011


Here's my solution to this problem, using a generic ReplyHook (attached)
and a faux request attribute called NextAuthBy (which names the next
AuthBy to call if the first AuthBy RADIUS rejects).  In my case authby2
is a different type of AuthBy, but I think it should work equally well
with a second AuthBy RADIUS (for Host host2).

<AuthBy RADIUS>
  Identifier authby1
  Host host1
  ...
  # if proxy rejects, redirect to NextAuthBy
  ReplyHook file:"%D/proxy_ContinueWhileReject.pl"
</AuthBy>

<AuthBy ...>
  Identifier authby2
  ...
</AuthBy>

<Handler ...>
  AddToRequest NextAuthBy="authby2"
  AuthBy authby1
</Handler>


Hope this helps,
David

P.S.  Radiator team: IMHO it would be a very nice improvement if AuthBy
RADIUS had built-in logic to support asynchronous continuation to
another AuthBy, perhaps like this:
<AuthBy RADIUS>
  Identifier authby1
  ...
  # if proxy rejects, redirect to authby2
  AuthByPolicy ContinueWhileReject
  NextAuthBy authby2
</AuthBy>


On 11/23/2011 12:00 PM, radiator-request at open.com.au wrote:
> Date: Wed, 23 Nov 2011 11:37:19 +1100
> From: Hugh Irvine <hugh at open.com.au>
> Subject: Re: [RADIATOR] multiple hosts
> To: Judy Angel <J.Angel at herts.ac.uk>
> Cc: radiator at open.com.au
> Message-ID: <AAA9F5E1-3F13-4A8D-A943-A567DFEA7977 at open.com.au>
> Content-Type: text/plain; charset=us-ascii
> 
> 
> Hello Judy -
> 
> Due to the asynchronous nature of the AuthBy RADIUS clause it's not that simple.
> 
> You will need to use a hook with specific code to do what you want, or you could try the AuthBy MULTICAST clause.
> 
> See "goodies/hooks.txt" and/or section 5.63 in the Radiator 4.9 reference manual ("doc/ref.pdf").
> 
> regards
> 
> Hugh
> 
> 
> On 23 Nov 2011, at 11:01, Judy Angel wrote:
> 
>> > 
>> > Radius V4.2.
>> > I am looking to authenticate on two servers. If the userid is not available 
>> > in host1 try host2. The config below works fine on host1 but if the return 
>> > fails as the userid does not exist it does not check for the userid in 
>> > host2. Should this be possible?
>> > 
>> > 
>> > <Handler Realm= domain.ac.uk>
>> >        RewriteUsername s/^([^@]+).*/$1/
>> >        <AuthBy RADIUS>
>> > 
>> >                <Host host1.herts.ac.uk>
>> >                Secret xxxx
>> >                </Host>
>> >                <Host host2.herts.ac.uk>
>> >                Secret xxxxx
>> >                </Host>
>> >        </AuthBy>
>> >      # Log accounting to the detail file in LogDir
>> >    AcctLogFileName %L/detail
>> > </Handler>
>> > 
>> > Thanks
>> > Judy Angel
>> > University of Hertfordshire
>> > 
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: proxy_ContinueWhileReject.pl
Url: http://www.open.com.au/pipermail/radiator/attachments/20111128/9dae74a4/attachment.pl 
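
The control flow discussed in this thread, as an added Python model; it is not the attached proxy_ContinueWhileReject.pl and not Radiator code. It shows why the handler only ever sees "ignore" from an asynchronous proxy AuthBy, and how a reply hook can then continue to the AuthBy named by the NextAuthBy request attribute. All class names, function names and user sets are constructed for illustration.

```python
# Constructed model, not Radiator code: names mirror the thread's config only.
ACCEPT, REJECT, IGNORE = "ACCEPT", "REJECT", "IGNORE"

class LocalAuthBy:
    """Synchronous AuthBy: the result is known when handle_request returns."""
    def __init__(self, users):
        self.users = users
    def handle_request(self, request, deliver):
        return ACCEPT if request["User-Name"] in self.users else REJECT

class ProxyAuthBy:
    """Asynchronous AuthBy: queues the request and returns IGNORE at once."""
    def __init__(self, remote_users, registry, reply_hook=None):
        self.remote_users, self.registry = remote_users, registry
        self.reply_hook, self.pending = reply_hook, []
    def handle_request(self, request, deliver):
        self.pending.append((request, deliver))
        return IGNORE                      # the handler cannot see the verdict yet
    def pump(self):
        """Simulate the remote server's replies arriving later."""
        while self.pending:
            request, deliver = self.pending.pop(0)
            result = ACCEPT if request["User-Name"] in self.remote_users else REJECT
            if self.reply_hook:
                result = self.reply_hook(self.registry, request, result, deliver)
            if result != IGNORE:           # IGNORE: another proxy will answer later
                deliver(request["User-Name"], result)

def continue_while_reject(registry, request, result, deliver):
    """Reply hook: on reject, hand the original request to NextAuthBy."""
    if result != REJECT:
        return result
    # pop() consumes the attribute, so a request cannot loop back to this hop
    nxt = registry.get(request.pop("NextAuthBy", None))
    return nxt.handle_request(request, deliver) if nxt else REJECT

def run(users, with_hook):
    registry, replies = {}, {}
    deliver = lambda user, result: replies.__setitem__(user, result)
    registry["authby2"] = LocalAuthBy({"bob"})                 # constructed users
    registry["authby1"] = ProxyAuthBy({"alice"}, registry,
                                      continue_while_reject if with_hook else None)
    for user in users:
        request = {"User-Name": user, "NextAuthBy": "authby2"}  # as AddToRequest does
        first = registry["authby1"].handle_request(request, deliver)
        assert first == IGNORE             # nothing for a handler policy to act on
    registry["authby1"].pump()
    return replies
```

A user unknown to both back ends is still rejected, and a missing or unknown NextAuthBy leaves the proxy's reject in place.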

