--- Forwarded mail from [EMAIL PROTECTED]

Date: Thu, 31 Aug 2000 06:10:14 +1000 (EST)
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]
Subject: BOUNCE [EMAIL PROTECTED]:    Non-member submission from [John Kemp
<[EMAIL PROTECTED]>]

>From mikem  Thu Aug 31 06:10:10 2000
Received: by oscar.open.com.au (8.9.0/8.9.0) id GAA13512
        for [EMAIL PROTECTED]; Thu, 31 Aug 2000 06:10:09 +1000 (EST)
Received: from network-services.uoregon.edu (network-services.uoregon.edu
[128.223.60.21]) by perki.connect.com.au with ESMTP id GAA25844
  (8.8.8/IDA-1.7 for <[EMAIL PROTECTED]>); Thu, 31 Aug 2000 06:59:59 +1100
(EST)
Received: (from kemp@localhost)
        by network-services.uoregon.edu (8.10.1/8.9.3) id e7UJxvN22800;
        Wed, 30 Aug 2000 12:59:57 -0700 (PDT)
Date: Wed, 30 Aug 2000 12:59:57 -0700 (PDT)
From: John Kemp <[EMAIL PROTECTED]>
Message-Id: <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Cc: [EMAIL PROTECTED]
Subject: AuthBy RADIUS then AuthBy UNIX unpredictable
Content-Type: text


The goal was to have this:

        AuthBy RADIUS...
        then if that is ignored
        AuthBy UNIX

Anyone successfully doing that with RADIATOR?  We are talking
to Cistron 1.6X at the other end.

After doing extensive testing with all of the Continue{Until/While}
clauses, and with the remote server up doing REJECT or down doing
No Reply, or doing Synchronous on the RADIUS...
I've come to the conclusion that there is some kind of
flaky behavior when doing UNIX second and having the RADIUS response
be a No Reply.  ContinueWhileIgnore doesn't seem to in this order.
And there may be some case where the AuthBy UNIX REJECT
is preventing a correct RADIUS ACCEPT as well... Just a guess.
It would seem to suggest that the flexibility of the Continue{Until/While}
flags is really not good enough to cover multiple conditions.

So we are basically stuck.  The only way the server will appear to
work close to our goal setup is like this:

<Realm /(^smoked$)/i>
        RewriteUsername      s/^([^@]+)@.*/$1/
        AcctLogFileName %L/smoked-realm.log
        AuthByPolicy ContinueUntilAccept
        <AuthBy UNIX>
                Filename /smokeconfig/ashadowfile
                DefaultReply Service-Type=Framed,Framed-Protocol=PPP,Framed-IP-Netmask=255.255.252.0,Framed-MTU=576,Framed-Compression=Van-Jacobson-TCP-IP
        </AuthBy>
        <AuthBy RADIUS>
                Host smoked
                Secret yeah-i-m-sure-i-d-leave-that-in-here
                Retries 1
                DefaultReply Service-Type=Framed,Framed-Protocol=PPP,Framed-IP-Netmask=255.255.252.0,Framed-MTU=576,Framed-Compression=Van-Jacobson-TCP-IP
        </AuthBy>
</Realm>

So this works, but it is not the order we want.  We only want
to do UNIX *IF* the RADIUS server is unreachable.  Synchronous
should have worked in that case... but REJECT and No Reply create
two different situations, wherein you can't implement it this way.
If anyone has a config to the contrary, I would really appreciate
seeing it... If you have, make sure you have tested with the remote
server up and down, 'cause something really odd happens in those two
cases.

:-(
John Kemp ([EMAIL PROTECTED])




---End of forwarded mail from [EMAIL PROTECTED]

-- 
Mike McCauley                               [EMAIL PROTECTED]
Open System Consultants Pty. Ltd            Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985                       Fax   +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc 
on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
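
An expected-outcome table for the up/down test matrix described in the forwarded post, written as an added example (not code from the post or from Radiator). It assumes each Continue{Until/While} flag means what its name says, that the AuthBy RADIUS result (No Reply = IGNORE) is already known when the policy is evaluated, and that the local file always answers; the four flag names not quoted in the post are filled in on the same pattern.

```python
from itertools import product

ACCEPT, REJECT, IGNORE = "ACCEPT", "REJECT", "IGNORE"

# Assumed reading of the flag names: keep trying the next AuthBy while
# (or until) the previous result is the one named in the flag.
POLICIES = {
    "ContinueWhileIgnore": lambda r: r == IGNORE,
    "ContinueUntilIgnore": lambda r: r != IGNORE,
    "ContinueWhileAccept": lambda r: r == ACCEPT,
    "ContinueUntilAccept": lambda r: r != ACCEPT,
    "ContinueWhileReject": lambda r: r == REJECT,
    "ContinueUntilReject": lambda r: r != REJECT,
}

def run_chain(policy, order, outcome):
    """Result of the last AuthBy that ran, for one combination of outcomes."""
    keep_going = POLICIES[policy]
    result = IGNORE
    for module in order:
        result = outcome[module]
        if not keep_going(result):
            break
    return result

def goal(outcome):
    """The post's goal: consult UNIX only when RADIUS gives no reply."""
    return outcome["UNIX"] if outcome["RADIUS"] == IGNORE else outcome["RADIUS"]

def mismatches(policy, order):
    """Test-matrix rows (RADIUS, UNIX, got, wanted) that differ from the goal."""
    rows = []
    # RADIUS up (ACCEPT/REJECT) or down (IGNORE); the local file always answers.
    for radius, unix in product((ACCEPT, REJECT, IGNORE), (ACCEPT, REJECT)):
        outcome = {"RADIUS": radius, "UNIX": unix}
        got, wanted = run_chain(policy, order, outcome), goal(outcome)
        if got != wanted:
            rows.append((radius, unix, got, wanted))
    return rows

if __name__ == "__main__":
    for policy, order in [("ContinueUntilAccept", ["UNIX", "RADIUS"]),
                          ("ContinueWhileIgnore", ["RADIUS", "UNIX"])]:
        print(policy, order, mismatches(policy, order))
```

The row to watch in the UNIX-first ContinueUntilAccept setup is the one where a RADIUS REJECT ends as ACCEPT: an account present in the local shadow file is let in even though the RADIUS server refused it. Any difference between this table and what a live test shows points at behaviour the model's assumptions do not cover.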