On Sat, 7 Aug 1999, Neale Banks wrote:

> On Sat, 7 Aug 1999, Hugh Irvine wrote:
> 
> [...]
> > I would suggest something like this:
> > 
> > <Realm foo.bar>
> >     # Force all clauses to be executed
> >     AuthByPolicy ContinueAlways
> >     # Do our normal processing
> >     <AuthBy ....>
> >             ......
> >     </AuthBy>
> >     # Set up a proxy for Accounting only
> >     <AuthBy RADIUS>
> >             Host ....
> >             Secret ....
> >             NoForwardAuthentication
> >     </AuthBy>
> >     # Log accounting to local file
> >     AcctLogFileName  filename
> > </Realm>
> 
> Thanks Hugh, this looks likely.  Is there something else we can/should 
> add to tell Radiator not to worry if the other host doesn't ACK the 
> accounting packets?

I experienced some troubles with the suggested configuration. If you use
NoForwardAuthentication RADIUS Authentication-Requests are not forwarded
but ACCEPTED. I noticed that if the first AuthBy failed the user would be
granted access anyway because of the second AuthBy. Accounting was taken
care of exactly as I wanted. But this was not true for Authentication ;-)
Currently I am using <Handler> statements as discussed on this list to
make a copy of accounting information without granting everybody access.

-Wim


===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Reply via email to