Hello Ivan -
You need to leave the AuthBy RADIUS clause last in the chain, as an AuthBy
RADIUS will fork, hence never getting to whatever follows.
I think in your case you need a simple PreAuthHook that will return an Accept
if the request is an accounting request. There are some example hooks in the
file "goodies/hooks.txt" in the Radiator 2.16.1 release.
hth
Hugh
On Tue, 25 Jul 2000, [EMAIL PROTECTED] wrote:
> Greetings,
>
> What we have here is a setup where radiator does different things based on
> the user's realm...
>
> IE: do a AuthBy FILE for some of them, and others it will do a AuthBy RADIUS
> to other servers...
>
> However, in one of the AuthBy RADIUS' I don't want to forward accounting
> requests, but instead of ignoring them, I want to acknowledge then from
> radiator.
>
> I know about NoForwardAccounting, but this tells radiator to ignore the
> request, and so radiator doesn't send the NAS the Accounting-Response, so the
> NAS resends it, thinking it has failed.
>
> The realm in question has the config structure of:
>
> <Realm ...>
> <AuthBy GROUP>
> AuthByPolicy ContinueUntilReject
> # Has the user being suspeneded by the billing software?
> <AuthBy FILE>
> AcceptIfMissing
> Filename %D/users.notallowed
> </AuthBy>
> # If here, then user hasn't been suspended, but are they valid?
> <AuthBy RADIUS>
> Host otherserver
> </AuthBy>
> </AuthBy>
> </Realm>
>
> Is there a simple way of having the AuthBy RADIUS still forward the
> access-request as per normal, but if an accounting-request comes in, not have
> it forwarded to the other radius server, but acknowledged either by the Realm
> or something else?
>
> Something like this for the 2nd AuthBy (replacing the AuthBy RADIUS)...
>
> <AuthBy GROUP>
> AuthByPolicy ContinueWhileIgnore
> # Check in radius to see if valid for logins, but don't forward acct
> <AuthBy RADIUS>
> NoForwardAccounting
> Host otherserver
> </AuthBy>
> # Ok, here, we just use a file...
> <AuthBy FILE>
> Filename %D/users.allowed
> </AuthBy>
> </AuthBy>
>
> then %D/users.allowed has basically:
>
> DEFAULT
> Service-Type = Framed-User,
> ....
>
> Or is my logic not right in the case of access requests won't get handled as
> expected?
>
> Thanks for any help.
>
> ivan.
> --
> Ivan Brawley
> Internode Professional Access.
>
> ===
> Archive at http://www.starport.net/~radiator/
> Announcements on [EMAIL PROTECTED]
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
