Hello Ricardo,
its not possible to change the AuthByPolicy in the middle of a Realm. Instead,
we would suggest doing it like this (untested):
# Handle all acccounting requests here
<Handler Acct-Status-Type=/.+/>
AuthByPolicy ContinueAlways
# Alweays save accoutning to an SQL database
<AuthBy SQL>
# no authentication
AuthSelect
AcctTable ....
etc
</AuthBy>
# Then proxy to radius2
<AuthBy RADIUS>
Host radiusd2
Secret xxx
</AuthBy>
</Handler>
# This handles everything else (ie authentication)
<Handler>
AuthByPolicy ContinueUntilAccept
# Try to auth from SQL, if that fails, proxy
<AuthBy SQL>
.....
</AuthBy>
# Failed, so proxy to radius1
<AuthBy RADIUS>
Host radiusd1
Secret xxx
</AuthBy>
</Handler>
Hope that helps.
Cheers.
On Jul 22, 10:40am, Ricardo Kustner wrote:
> Subject: (RADIATOR) proxying Acct?
> Hi,
>
> our setup is like this right now
>
> Auth: Ascend --> radiator (sql) --> radiusd1 (/etc/passwd)
> Acct: Ascend --> radiusd2
>
> radiusd1 is a unix machine which authorizes some of our old accounts through
> the local passwd file.
> radiusd2 is another unix machine which logs the accounting and runs some
> selfmade accounting view software...
>
> What i want to change now, is have Ascend send the Acct info to Radiator,
have
> radiator store it in a SQL database, and 'proxy' this info to radiusd2 too...
>
> should i do it something like this?
>
> <Realm blah>
>
> # first duplicate the acct to radiusd2
>
> AuthByPolicy ContinueAlways
>
> <AuthBy RADIUS>
> Host radiusd2
> Secret ....
> NoForwardAuthentication # does this mean it'll only forward Acct?
> AuthSelect
> </AuthBy>
>
> AuthByPolicy ContinueWhileReject # can I use a this a 2nd time
> # to change the policy realtime?
>
> <Authby SQL>
> # ... auth with the sql db
> </Authby>
>
> # if account was not found in SQL, forward to radiusd1 as a last
resort
> <Authby RADIUS>
> Host radiusd1
> Secret ....
> </Authby>
>
> </Realm>
>
> Ricardo.
> ---
> ----------------------------------
> E-Mail: Ricardo Kustner <[EMAIL PROTECTED]>
> Date: 22-Jul-99
> Time: 10:22:19
>
> This message was sent by XFMail
> ----------------------------------
>
> ===
> Archive at http://www.thesite.com.au/~radiator/
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
>-- End of excerpt from Ricardo Kustner
--
Mike McCauley [EMAIL PROTECTED]
Open System Consultants Pty. Ltd Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au
Phone +61 3 9598-0985 Fax +61 3 9598-0955
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
