Hello John -
>
> The goal was to have this:
>
> AuthBy RADIUS...
> then if that is ignored
> AuthBy UNIX
>
> Anyone successfully doing that with RADIATOR? We are talking
> to cistroen 1.6X at the other end.
>
> After doing extensive testing with all of the Continue{Until/While}
> clauses, and with the remote server up doing REJECT or down doing
> No Reply, or doing Synchronous on the RADIUS...
> I've come to the conclusion that there is some kind of
> flaky behavior when doing UNIX second and having the RADIUS response
> be a No Reply. ContinueWhileIgnore doesn't seem to in this order.
> And there may be some case where the AuthBy UNIX REJECT
> is preventing a correct RADIUS ACCEPT as well... Just a guess.
> It would seem to suggest that the flexibility of the Continue{Until/While}
> flags is really not good enough to cover multiple conditions.
>
> So we are basically stuck. The only way the server will appear to
> work close to our goal setup is like this:
>
> <Realm /(^smoked$)/i>
> RewriteUsername s/^([^@]+)@.*/$1/
> AcctLogFileName %L/smoked-realm.log
> AuthByPolicy ContinueUntilAccept
> <AuthBy UNIX>
> Filename /smokeconfig/ashadowfile
> DefaultReply Service-Type=Framed,Framed-Protocol=PPP,Framed-IP-Netmask=255.255.252.0,Framed-MTU=576,Framed-Compression=Van-Jacobson-TCP-IP
> </AuthBy>
> <AuthBy RADIUS>
> Host smoked
> Secret yeah-i-m-sure-i-d-leave-that-in-here
> Retries 1
> DefaultReply Service-Type=Framed,Framed-Protocol=PPP,Framed-IP-Netmask=255.255.252.0,Framed-MTU=576,Framed-Compression=Van-Jacobson-TCP-IP
> </AuthBy>
> </Realm>
>
> So this works, but it is not the order we want. We only want
> to do UNIX *IF* the RADIUS server is unreachable. Synchronous
> should have worked in that case... but REJECT and No Reply create
> two different situations, wherein you can't implement it this way.
> If anyone has a config to the contrary, I would really appreciate
> seeing it... If you have, make sure you have testing with the remote
> server up and down, cause something really odd happens in those two
> cases.
>
You are correct that this doesn't work as you might expect.
This problem has to do with the way the AuthBy RADIUS clause is implemented,
i.e. asynchronously. What happens is that the AuthBy RADIUS clause will return
immediately without waiting for anything else and no further processing will be
done with any AuthBy following.
The best way to do what you want to do is in a NoReplyHook, from which you
would call the AuthBy UNIX clause directly.
hth
Hugh
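A sketch of the NoReplyHook approach suggested in the reply above, added here as an example; it is not code from the original message or from the Radiator distribution. The hook fires only when the remote server gives no reply, so a REJECT from the remote server is never overridden by the local UNIX file. The file name `noreply-unix.pl`, the `unix-fallback` identifier and the placeholder secret are assumptions, and the internal calls follow Radiator's hook conventions and should be checked against the reference manual for the installed version.

```perl
# noreply-unix.pl (hypothetical file name)
#
# Radiator configuration assumed by this hook. The AuthBy UNIX clause is
# defined outside the Realm and given an Identifier, so it is never part
# of the normal AuthBy chain and runs only when the hook calls it:
#
#   <AuthBy UNIX>
#       Identifier unix-fallback
#       Filename /smokeconfig/ashadowfile
#   </AuthBy>
#
#   <Realm /(^smoked$)/i>
#       RewriteUsername s/^([^@]+)@.*/$1/
#       AcctLogFileName %L/smoked-realm.log
#       <AuthBy RADIUS>
#           Host smoked
#           Secret PLACEHOLDER-SHARED-SECRET
#           Retries 1
#           NoReplyHook file:"%D/noreply-unix.pl"
#       </AuthBy>
#   </Realm>

sub {
    my $p  = ${$_[0]};    # original request from the NAS
    my $fp = ${$_[1]};    # copy that was forwarded to the remote server
    my $rp = ${$_[2]};    # reply packet being built for the NAS

    # Look up the fallback clause by the Identifier set in the config.
    my $authby = Radius::AuthGeneric::find('unix-fallback');
    unless ($authby) {
        &main::log($main::LOG_ERR,
            'NoReplyHook: no AuthBy with Identifier unix-fallback');
        return;           # leave the request unanswered, as before
    }

    &main::log($main::LOG_WARNING,
        'No reply from remote RADIUS server, falling back to AuthBy UNIX');

    # Authenticate locally, then let the Handler send the accept or
    # reject that AuthBy UNIX decided on back to the NAS.
    my ($result, $reason) = $authby->handle_request($p, $rp);
    $p->{Handler}->handlerResult($p, $result, $reason);
    return;
}
```

Logging each fallback at warning level leaves a record of every login that was decided by the local file rather than the remote server.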