Hi Karl,
On Apr 29, 2:36pm, Karl Gaissmaier wrote:
> Subject: Re: (RADIATOR) Question: Problems with forwarding accounting requ
> Hi Mike,
>
> thanks for your reply, but still two more question for the same
> problem:
>
> Mike McCauley schrieb:
> >
.....
> > >
> > > 2. Question:
> > > Is it possible, that the first host already sends the Accounting-Response
> > > to the NAS, and the second host just stores the records and nothing else?
> > Yes, that should be fine.
>
> The question is how? Is this done with the AuthByPolicy or how
> can I do this? Can't find anything in the docu how to do this.
> Sure, it is not the default behavior by 98% users needed.
OK, I see your question now. Sorry.
Normally, you would put the AuthBy RADIUS as the last AuthBy. It would then
forward (just accounting in your case) to the other radius. And when that
radius acknowledged, the first server would send that ack back to the original
NAS.
But you are wondering how can you make the first server ack immediately,
without waiting for the remote server to reply?
Well, we dont really recommend it, but you could put your <AuthBy RADIUS> as
not the last AuthBy. That would make it forward to the remote server and then
fall through to the next AuthBy (depending onthe AuthByPolicy, of course). The
disadvantage of this is that _every_ accounting request from the NAS will get 2
acknowledgements (one from the last AuthBy, and one from the AuthBy RADIUS when
it gets its reply from the remote server)
We dont really recomend this, since it better that if the accounting server
dies, that the NAS gets no response and can try its secondard radius server.
>
> >
> > >
> > > 3. Question:
> > > I get a WARNING: No such attribute Timestamp
> > > only if i forward by AuthBy RADIUS in my log files. I have seen this
> > > never before I started forwarding the accounting requests by radius
> > > protocol. Any explanation? See the trace and look for the WARNINGS:
> >
> > I think it becasue the dictionary you are using does not have Timestamp
defined
> > like this:
> >
> > ATTRIBUTE Timestamp 103 integer
>
> I thought already about that, and after adding now this line to my
> dictionary
> I get no longer this WARNING. I hesitated to add this line, because
> without
> the forwarding clause <AuthBy RADIUS> I didn't see this warning.
>
> You solved my problem, but perhaps for you is this a hint that something
> is strange with this behavior.
Well, its a standard dictionary attribute. I dont really understand why it was
not in your dictionary. Which one were you using?
Hope that helps.
Cheers.
--
Mike McCauley [EMAIL PROTECTED]
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody
===
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
