Hello Kalev, On Jun 25, 5:20pm, Kalev Nurklik wrote: > Subject: (RADIATOR) ContinueUntilIgnore > Does this parameter work? Yes, ContinueUntilIgnore does work, but I think you will find that FILE and SYSTEM almost never IGNORE. They will ACCEPT if the user exists and their password and other check items are OK, else REJECT. Your misunderstanding is that Radiator will actually REJECT them if they are not in the database, not IGNORE them as you think. The manual was incorrect when it implied that AuthByPolicy was permitted inside any AuthBy. Its really only permitted inside Realm, Handler and AuthBy GROUP. We have fixed it for the next release. Thanks for reporting that. Hope that helps. Cheers. > part of radius.cfg: > > ><Realm DEFAULT> > ># first global GROUP not really needed but have tried without > ># and for no avail > > <AuthBy GROUP> > ># Start of first GROUP for checking if users are defined in > ># users file > > <AuthBy GROUP> > ># policy to stop trying if user is not found in users file > >#!! THIS IS THE PROBLEM PART > > AuthByPolicy ContinueUntilIgnore > > <AuthBy FILE> > > </AuthBy> > ># this AuthBy should work when user is found in users file > > <AuthBy SYSTEM> > > Identifier Blocked-PW > > UseGetspnam > > AddToReply Reply-Message="Using Blocked profile" > > </AuthBy> > > </AuthBy> > ># end of first GROUP > > <AuthBy GROUP> > ># start of second GROUP should use default policy that's global > ># these Authby clauses just select different user groups > > <AuthBy FILE> > > Filename %D/users.check > > </AuthBy> > > <AuthBy SYSTEM> > > Identifier Site-PW > > UseGetspnam > > AddToReply Reply-Message="Using Site profile" > > </AuthBy> > > <AuthBy SYSTEM> > > Identifier Mailbox-PW > > UseGetspnam > > AddToReply Reply-Message="Using Mailbox profile" > > </AuthBy> > > <AuthBy SYSTEM> > > Identifier Unix-PW > > UseGetspnam > > </AuthBy> > ># end of second GROUP > > </AuthBy> > ># end of global GROUP > > </AuthBy> > > AcctLogFileName %L/%N/detail > ></Realm> > > in users file: > > >kalevb Auth-Type = Blocked-PW > > Framed-IP-Address = 22.214.171.124 > > As I can understand from manual then "Ignore" should emerge when > AuthBy ignores a user e.g user isn't in the AuthBy clause user > database (flat file, relational-, system database, etc). Am I correct > or am I missing something? > Trace 4 for user kalev who is not in the users file and is in system > database eg. Solaris 2.7 shadow file and should be authenticated > with second AuthBy GROUP not within first GROUP > On the other hand user kalevb gets authenticated twice which > clearly shows that there is no Ignore or no action taken for ignore - > and Radiator takes another try with AuthBy SYSTEM... > > >see attached file trace.txt > > BTW manual states that "All AuthBy clauses understand the > following parameters:" and within these parameters is > AuthByPolicy. For AuthBy FILE I got this: > > > ERR: Unknown keyword 'AuthByPolicy' in > > /usr/private/etc/raddb/radius.cfg line 77 > > regards, > > __________________________________ > Kalev Nurklik > MicroLink Online > Sakala 19, 10141 Tallinn, Estonia > Tel: +372 6 308 909 > Fax: +372 6 308 901 > E-mail: [EMAIL PROTECTED] > http://www.online.ee > > === > Archive at http://www.thesite.com.au/~radiator/ > To unsubscribe, email '[EMAIL PROTECTED]' with > 'unsubscribe radiator' in the body of the message. >-- End of excerpt from Kalev Nurklik -- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW 24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955 Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, NT, Rhapsody === Archive at http://www.thesite.com.au/~radiator/ To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.