Hi Aaron,

On May 31,  3:15pm, Aaron Holtz wrote:
> Subject: (RADIATOR) Realm/Handler question
> The docs state that a <Realm DEFAULT>  will be handled before any
> <Handler> clauses are taken.  This seems a bit odd as the Handler is more
> fine tuned and sometimes a <Realm DEFAULT> is needed, so it overrides your
> Handlers.  Example:
Realm DEFAULT really just says "anything not handled by an explicit Realm
clause".

If you need to use Handlers, then it is really best if you _only_ use Handlers
and not mix them with realms, especially Realm DEFAULT, for the reasons that
you point out.

I'm not 100% sure what you want to achieve, but perhaps you need a config like
this:

# Handle all Framed-Users first
<Handler Service-Type=Framed-User>
        <AuthBy SQL>
        </AuthBy>
</Handler>

# If not a Framed-User, handle some special realm here
<Handler Realm=bright.net>
        <AuthBy FILE>
        </AuthBy>
</Handler>

# Everything else gets to here and is sent to ipass
<Realm DEFAULT>
        <AuthBy IPASS>
        </AuthBy>
</Realm>

Don't forget that Handlers (unlike Realms) are checked in the order they appear
in the config file, so the order is important. In the light of that, I'm not
sure that the above config will do what you want. What I really wanted to point
out was that you can use Handlers to discriminate between realms, instead of using
<Realm ...>.

Hope that helps.

Cheers.

>
> <Handler Service-Type=Framed-User>
>       <AuthBy SQL>
>       </AuthBy>
> </Handler>
> <Handler>
>       <AuthBy FILE>
>       </AuthBy>
> </Handler>
> <Realm DEFAULT>
>       <AuthBy IPASS>
>       </AuthBy>
> </Realm>
>
> Now in order to use Ipass, I need that <Realm DEFAULT> in there to catch
> the roaming people.  How could I mesh these two so my local customers
> still work?  What I'm finding is that local usernames are passed into
> Ipass because they fall into the <Realm DEFAULT> clause.  However, I need
> those Handlers in there to match certain types of customers, but they are
> never consulted because the Realm clause wins.  Any better way of writing
> this?  Maybe a <Handler> clause that looks for the @ symbol in the
> User-Name attribute?
>
> --------------------------------------------------------------------------
> Aaron Holtz
> ComNet Inc.
> UNIX Systems Specialist
> Email:  [EMAIL PROTECTED]
> "It's not broken, it just lacks duct tape."
> --------------------------------------------------------------------------
>
>
>
> ===
> Archive at http://www.thesite.com.au/~radiator/
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
>-- End of excerpt from Aaron Holtz



-- 
Mike McCauley                               [EMAIL PROTECTED]
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985                       Fax   +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, 
NT, Rhapsody
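
The selection order discussed in this message, as an added example that is not part of the original email and is not Radiator code: a small Python model showing why the mixed configuration sends local users to IPASS and how a Handlers-only layout avoids it. The tuple layout, the `select` function, the sample users and the assumption that local users have either no realm or `bright.net` are all hypothetical.

```python
# Added example: a simplified model of clause selection, not Radiator code.
# Assumptions: realm = text after '@' in User-Name ('' if none); any Realm
# clause, including DEFAULT, is tried before every Handler; Handlers are tried
# in file order, first match wins; check items match by exact string equality.

def realm_of(request):
    user = request.get("User-Name", "")
    return user.split("@", 1)[1] if "@" in user else ""

def select(config, request):
    """Return the AuthBy of the clause that would take this request."""
    attrs = dict(request, Realm=realm_of(request))
    realms = {c[1]: c[2] for c in config if c[0] == "Realm"}
    for wanted in (attrs["Realm"], "DEFAULT"):   # explicit realm, then DEFAULT
        if wanted in realms:
            return realms[wanted]
    for kind, checks, authby in config:          # Handlers, in file order
        if kind == "Handler" and all(attrs.get(k) == v for k, v in checks.items()):
            return authby
    return None

FRAMED = {"Service-Type": "Framed-User"}

# The configuration from the question: Handlers plus <Realm DEFAULT>.
MIXED = [
    ("Handler", FRAMED, "SQL"),
    ("Handler", {}, "FILE"),
    ("Realm", "DEFAULT", "IPASS"),
]

# Handlers only: local realms first, catch-all Handler last for roaming users.
HANDLERS_ONLY = [
    ("Handler", {"Realm": "bright.net", **FRAMED}, "SQL"),
    ("Handler", {"Realm": "", **FRAMED}, "SQL"),
    ("Handler", {"Realm": "bright.net"}, "FILE"),
    ("Handler", {"Realm": ""}, "FILE"),
    ("Handler", {}, "IPASS"),
]

# Constructed sample requests.
LOCAL = {"User-Name": "bob", **FRAMED}
ROAMER = {"User-Name": "alice@roam.example", **FRAMED}

if __name__ == "__main__":
    for name, cfg in (("mixed", MIXED), ("handlers-only", HANDLERS_ONLY)):
        print(name, select(cfg, LOCAL), select(cfg, ROAMER))
```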