Hello,

Wouldn't this be perfect for an Auth-Type check scenario?

Yours sincerely

Alfred Reibenschuh
 
 
----- Original message -----
From: [email protected]
Sent by: "radiator" <[email protected]>
To: [email protected]
Cc:
Subject: [EXTERNAL] radiator Digest, Vol 123, Issue 10
Date: Fri, Aug 23, 2019 14:00
 

Message: 1
Date: Thu, 22 Aug 2019 16:06:32 +0000
From: <[email protected]>
To: <[email protected]>, <[email protected]>
Subject: Re: [RADIATOR] "IgnoreIfMissing" required?
Message-ID: <[email protected]>
Content-Type: text/plain; charset="Windows-1252"

Hi Heikki,
thanks for the pointers!
Are you planning to add an easily configurable support for such a scenario?

Thanks, Alex


________________________________________
From: radiator <[email protected]> on behalf of Heikki Vatiainen <[email protected]>
Sent: Tuesday, 20 August 2019 13:05
To: [email protected]
Subject: Re: [RADIATOR] "IgnoreIfMissing" required?

On 14/08/2019 11.35, [email protected] wrote:

> We have multiple AuthBys per handler, e.g. one FILE, three LDAP2, one SQL.
> As AuthBy LDAP2 returns a reject for both user not found and incorrect password we have configured AuthByPolicy ContinueUntilAccept in the Handler.
> The issue we have with this config is the logging: if a user enters an incorrect password and the user isn't found by the last AuthBy but one of the four previous ones, it is skipped and the last one returns 'no such user'.
>
> We'd like to stop trying further AuthBys when one finds the user but the password is incorrect to make troubleshooting such issues easier.
>
> I can't think of a way to use AcceptIfMissing in combination with AuthByPolicy to do this and think an IgnoreIfMissing would be helpful.
>
> Any advice if that's possible without hooks?

Can't think of a good way to do this without hooks.

With hooks I'd consider PostAuthHook within AuthBy LDAP2 to switch
result argument to, for example, ignore if it looks like the user was
not found.

A simple method could be to look at the reason. A more controlled method
could be to use a PostSearchHook to add a marker attribute in $p when
there was a result and user was found. The PostAuthHook could then use
the presence of this attribute for deciding if the result should be changed.

In short: flag in PostSearchHook, act in PostAuthHook. All this within
AuthBy LDAP2.

Thanks,
Heikki

--
Heikki Vatiainen <[email protected]>
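
The behaviour discussed in this thread, as an added example that is not part of the original messages and is not Radiator code: a small Python model of an AuthBy chain in which "no such user" and "bad password" both come back as a reject, run first under ContinueUntilAccept and then with the flag-then-act idea applied. The backend names, users and passwords are constructed; pairing the hooks with ContinueWhileIgnore and leaving the last backend without hooks are assumptions of this model, not something stated in the thread.

```python
from enum import Enum

class Result(Enum):
    ACCEPT = 1
    REJECT = 2
    IGNORE = 3

class AuthBy:
    """Toy stand-in for one AuthBy clause; a model, not Radiator code."""
    def __init__(self, name, users, hooks=False):
        self.name, self.users, self.hooks = name, users, hooks

    def handle(self, user, password):
        p = {}  # per-request state, playing the role of $p
        found = user in self.users
        if found and self.hooks:
            p["user-found"] = True  # flag step (PostSearchHook in the thread)
        if found and self.users[user] == password:
            result, reason = Result.ACCEPT, "accepted"
        else:
            result = Result.REJECT
            reason = "bad password" if found else "no such user"
        # act step (PostAuthHook in the thread): a reject without the flag becomes ignore
        if self.hooks and result is Result.REJECT and "user-found" not in p:
            result = Result.IGNORE
        return result, reason

def run_chain(chain, policy, user, password):
    """Walk the AuthBy list under the named policy; return (result, last log line)."""
    result, log = Result.IGNORE, "no AuthBy ran"
    for authby in chain:
        result, reason = authby.handle(user, password)
        log = f"{authby.name}: {reason}"
        if policy == "ContinueUntilAccept" and result is Result.ACCEPT:
            break
        if policy == "ContinueWhileIgnore" and result is not Result.IGNORE:
            break
    return result, log

# Constructed sample data: four backends; the user "alice" lives in LDAP-1.
STORES = [("FILE", {"admin": "a1"}), ("LDAP-1", {"alice": "s3cret"}),
          ("LDAP-2", {"bob": "hunter2"}), ("SQL", {"carol": "pw"})]
plain = [AuthBy(n, u) for n, u in STORES]
# Hooks on every backend except the last, so an unknown user still ends in a reject.
hooked = [AuthBy(n, u, hooks=(n != "SQL")) for n, u in STORES]

if __name__ == "__main__":
    print(run_chain(plain, "ContinueUntilAccept", "alice", "wrong"))
    print(run_chain(hooked, "ContinueWhileIgnore", "alice", "wrong"))
```

In the unhooked chain the last line logged for alice's wrong password comes from the SQL backend, which never held her account; in the hooked chain evaluation stops at the backend that found her.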
