[RADIATOR] "IgnoreIfMissing" required?

Alexander.Hartmaier at t-systems.com
Wed Aug 14 08:35:05 UTC 2019


Hi,
after searching the mailing list I think this is the right thread to pick up.
We have multiple AuthBys per handler, e.g. one FILE, three LDAP2, one SQL.
As AuthBy LDAP2 returns a reject for both user not found and incorrect password, we have configured AuthByPolicy ContinueUntilAccept in the Handler.
The issue we have with this config is the logging: if a user enters an incorrect password and the user isn't found by the last AuthBy but one of the four previous ones, it is skipped and the last one returns 'no such user'.

We'd like to stop trying further AuthBys when one finds the user but the password is incorrect to make troubleshooting such issues easier.

I can't think of a way to use AcceptIfMissing in combination with AuthByPolicy to do this and think an IgnoreIfMissing would be helpful.

Any advice if that's possible without hooks?

Thanks, Alex

T-SYSTEMS AUSTRIA GESMBH
TCO Local Network Factory
Alexander Hartmaier
Operation Manager Authentication
Rennweg 97-99, A-1030 Vienna
+43 57057 4320 (phone)
+43 676 8642 4320 (mobile)
E-mail: alexander.hartmaier at t-systems.com
http://www.t-systems.at
http://blog.t-systems.at


________________________________________
From: radiator <radiator-bounces at lists.open.com.au> on behalf of Hugh Irvine <hugh at open.com.au>
Sent: Sunday, 20 January 2019 22:47
To: Christian Meutes
Cc: radiator
Subject: Re: [RADIATOR] "IgnoreIfMissing" required?

Hello Christian -

I am not suggesting another AuthBy FILE - you can do the same thing in RADMIN.

The example was simply to show you how Radiator works with multiple DEFAULT, DEFAULT1, DEFAULT2, etc.

regards

Hugh


> On 20 Jan 2019, at 21:14, Christian Meutes <christian at errxtx.net> wrote:
>
> Hey Hugh,
>
> On Sun, Jan 20, 2019 at 2:30 AM Hugh Irvine <hugh at open.com.au> wrote:
>> DEFAULT User-Name = /hugh/
>>        Reply-Message = DEFAULT
>>
>> DEFAULT1 User-Name = /christian/
>>        Reply-Message = DEFAULT1
>
> I'm not able to see how introducing another 'AuthBy FILE' can help me
> with my logic, apologies.
> I do understand how to use a user file with DEFAULT and further
> check-items. But I think I really need to use this inside of RADMIN,
> because having another 'AuthBy FILE' right after RADMIN would mean not
> being able to differentiate anymore between "user not found and user
> found and accepted (AcceptIfMissing)" or "user not found and user
> rejected (default logic)". In the former case (user found and
> accepted) it would still consult LDAP. In the latter case it would not
> consult LDAP anymore.
>
> Thanks / Best regards
> --
> Christian


--

Hugh Irvine
hugh at open.com.au

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER, SIM, etc.
Full source on Unix, Linux, Windows, macOS, Solaris, VMS, NetWare etc.
