[RADIATOR] "IgnoreIfMissing" required?

Hugh Irvine hugh at open.com.au
Fri Jan 18 23:11:52 UTC 2019


Hello Christian -

Maybe something like this:


…..

<Handler …..>

	AuthByPolicy ContinueWhileIgnore

	<AuthBy GROUP>
	
		AuthByPolicy ContinueUntilAccept

		<AuthBy RADMIN>
			…..
		</AuthBy>

		<AuthBy LDAP2>
			…..
		</AuthBy>

	</AuthBy>

	<AuthBy INTERNAL>
		…..
	</AuthBy>

</Handler>

…..


regards

Hugh


> On 18 Jan 2019, at 22:21, Christian Meutes <christian at errxtx.net> wrote:
> 
> Hello,
> 
> I'am a bit stuck on implementing the following logic:
> 
> (1) First AuthBy/Backend (Radmin/SQL): If user found either 'Accept'
> or 'Reject' depending on check-item result. If user is not found, try
> out the second backend.
> 
> (2) Second AuthBy/Backend (LDAP): If user found then 'Accept' or do
> 'Reject' if not found.
> 
> Using 'AuthByPolicy ContinueWhileIgnore', while a third 'AuthBy
> INTERNAL' makes sure to 'Accept' in case the backends before failed,
> thus delivered 'Ignores' and did fall through.
> 
> I wonder how to implement the first 'AuthBy', there is
> 'AcceptIfMissing', but there is no 'IgnoreIfMissing'.
> 
> AuthGeneric.pm seems the place to patch this in, but I'm pretty sure
> that I just miss the right knobs or a proper policy(-design), or not?
> 
> Apparently I need some inspiration, anyone? :-)
> 
> Thanks!
> -- 
> Christian
> _______________________________________________
> radiator mailing list
> radiator at lists.open.com.au
> https://lists.open.com.au/mailman/listinfo/radiator


--

Hugh Irvine
hugh at open.com.au

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER, SIM, etc. 
Full source on Unix, Linux, Windows, macOS, Solaris, VMS, NetWare etc.



More information about the radiator mailing list