On Sat, 7 Aug 1999, Neale Banks wrote:
> On Sat, 7 Aug 1999, Hugh Irvine wrote:
>
> [...]
> > I would suggest something like this:
> >
> > <Realm foo.bar>
> > # Force all clauses to be executed
> > AuthByPolicy ContinueAlways
> > # Do our normal processing
> > <AuthBy ....>
> > ......
> > </AuthBy>
> > # Set up a proxy for Accounting only
> > <AuthBy RADIUS>
> > Host ....
> > Secret ....
> > NoForwardAuthentication
> > </AuthBy>
> > # Log accounting to local file
> > AcctLogFileName filename
> > </Realm>
>
> Thanks Hugh, this looks likely. Is there something else we can/should
> add to tell Radiator not to worry if the other host doesn't ACK the
> accounting packets?
I experienced some troubles with the suggested configuration. If you use
NoForwardAuthentication RADIUS Authentication-Requests are not forwarded
but ACCEPTED. I noticed that if the first AuthBy failed the user would be
granted access anyway because of the second AuthBy. Accounting was taken
care of exactly as I wanted. But this was not true for Authentication ;-)
Currently I am using <Handler> statements as discussed on this list to
make a copy of accounting information without granting everybody access.
-Wim
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.