Hugh Irvine wrote:
> > 1) Show NAS address for which there is a message in radiator.log
>
> The new version of Radiator (2.15 due out in the next few days) has modified
> logging to show more information at Trace 3
Fine! Will wait for it!
> > 3) Something like "Fall-Through" in "<Handler> sections so packet can
> > go through several handler sections.
> >
>
> I'm not sure I understand what you mean, I'm afraid. Handlers are designed to
> match on specific attributes in the Request packet and take the corresponding
> action. What exactly do you have in mind, remembering that you can chain
> multiple AuthBy's in the same Handler, and define a DEFAULT at the end to catch
> everything you haven't specified explicitly?
For now, Radiator process the first <Handler> section which matches the packet.
Any following <Handler> which may match this packet too will never be processed. I
think it would be very helpful if there will be something like "Fall-Through" in
<Handler> section which will control whether the following <Handler> sections
should be processed or they shouldn't (default behaviour).
For example, I have different Realms which should be authenticated through
different methods. Let's say, we have realm "test" which should authenticate by
other Radius server. We have the following in radius.cfg:
<Handler Realm=test>
<AuthBy RADIUS>
...
</AuthBy>
</Handler>
Then, we need to save accounting information on both local and remote server.
What should we to do? We have to add another <Handler> section for non-empty
"Acct-Status-Type" value pair. We add the following BEFORE the section shown
above:
<Handler Realm=test, Acct-Status-Type=/^Start|^Stop/>
<AuthBy RADIUS>
..
</AuthBy>
<AuthBy SQL>
[some clauses to save accounting info into local database]
</AuthBy SQL>
</Handler>
Right?
But AuthBy SQL is a little bit complicated to repeat it several times for each
realm. So, why not use the following:
#Section to handle "test" realm authentication and accounting
<Handler Realm=test>
<AuthBy RADIUS>
...
</AuthBy>
FallThrough=true
</Handler>
#General accounting section
<Handler Acct-Status-Type=/^Start|^Stop/>
<AuthBy SQL>
...
AccountingStartsOnly
</AuthBy>
<AuthBy SQL>
...
AccountingStopsOnly
</AuthBy>
</Handler>
In the example above there is: 1-st <Handler> will process authentication and
accounting requests and send them to remote RADIUS server, and the 2-nd <Handler>
will also process accounting requests for ALL the rest, and also sends accounting
to local database.
Do I make myself clear?
--
________________________________________________________
Regards, Dmitry Niqiforoff [tel. +7 8462 427427]
Kraft-S, JSC.
Samara, Russia
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
