[RADIATOR] Another Class like attribute
Tuure Vartiainen
vartiait at open.com.au
Wed Nov 29 11:58:42 UTC 2017
Hi,
> On 28 Nov 2017, at 21.39, Robert Blayzor <rblayzor.bulk at inoc.net> wrote:
>
> Is it possible to have an AuthLog for a particular AuthBy rather than just in a Handler?
>
> <AuthBy GROUP>
> Identifier GROUP1
> AuthByPolicy ContinueUntilAccept
> AuthBy BLACKHOLE
> AuthBy AUTH1
> AuthBy AUTH_DEFAULT
> </AuthBy>
> #
> <AuthBy FILE>
> Identifier AUTH_DEFAULT
> Filename %D/default_users
> AuthLog FOO
> </AuthBy>
> #
> <AuthLog SQL>
> Identifier FOO
> DBSource dbi:Pg:dbname=…
> SuccessQuery INSERT INTO ….
> LogSuccess 1
> LogFailure 0
> Timeout 2
> </AuthLog>
>
> The general idea is log successful auths only from one particular AuthBy… I do not want to log successes from other AuthBy’s in the group.
>

Handler will only log the end result of the authentication in AuthLog.

In your example, when using AuthByPolicy ContinueUntilAccept, Handler will stop evaluating
AuthBys immediately when one of them accepts the request.

The following could work: first stop if BLACKHOLE rejects the request, and then try whether either AUTH1
or AUTH_DEFAULT accepts.

<AuthBy GROUP>
    Identifier GROUP1
    AuthByPolicy ContinueUntilReject
    AuthBy BLACKHOLE
    <AuthBy GROUP>
        Identifier GROUP1-GROUP1
        AuthByPolicy ContinueUntilAccept
        AuthBy AUTH1
        AuthBy AUTH_DEFAULT
    </AuthBy>
</AuthBy>

(ref: http://www.open.com.au/radiator/ref/AuthByPolicy_AuthByGROUP.html#AuthByPolicy_AuthByGROUP)
BR
--
Tuure Vartiainen <vartiait at open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
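
Added example (not part of the original message and not Radiator code): a simplified Python model of how an AuthBy GROUP walks its children under the two AuthByPolicy values used in the thread, comparing the flat group from the question with the nested group from the reply. The `Leaf`, `Group` and `evaluate` names and the per-AuthBy outcomes are constructed for illustration.

```python
# Simplified model of AuthBy GROUP evaluation; not Radiator's implementation.
ACCEPT, REJECT = "ACCEPT", "REJECT"

# Result that ends evaluation for each of the two policies used in the thread.
STOP_ON = {"ContinueUntilAccept": ACCEPT, "ContinueUntilReject": REJECT}


class Leaf:
    """A single AuthBy whose outcome is looked up in a constructed table."""

    def __init__(self, name):
        self.name = name

    def handle(self, outcomes, trace):
        trace.append(self.name)
        return outcomes[self.name]


class Group:
    """An AuthBy GROUP: run children in order until the policy says stop."""

    def __init__(self, policy, children):
        self.policy, self.children = policy, children

    def handle(self, outcomes, trace):
        result = None  # no child consulted yet
        for child in self.children:
            result = child.handle(outcomes, trace)
            if result == STOP_ON[self.policy]:
                break
        return result  # the group reports the last child's result


def evaluate(group, outcomes):
    """Return (end result, AuthBys consulted in order)."""
    trace = []
    return group.handle(outcomes, trace), trace


b, a1, d = Leaf("BLACKHOLE"), Leaf("AUTH1"), Leaf("AUTH_DEFAULT")
FLAT = Group("ContinueUntilAccept", [b, a1, d])      # config from the question
NESTED = Group("ContinueUntilReject",                # config from the reply
               [b, Group("ContinueUntilAccept", [a1, d])])

if __name__ == "__main__":
    # Constructed outcomes: BLACKHOLE rejects, AUTH1 would accept.
    sample = {"BLACKHOLE": REJECT, "AUTH1": ACCEPT, "AUTH_DEFAULT": ACCEPT}
    print("flat  ", evaluate(FLAT, sample))
    print("nested", evaluate(NESTED, sample))
```

With these constructed outcomes the flat group ends on AUTH1's accept, while the nested group stops at BLACKHOLE's reject; in both cases only that end result reaches the Handler's AuthLog.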