Hello Dave -
On Friday 09 March 2001 09:05, Kitabjian, Dave wrote:
> I'm trying to understand the logic of the various AuthByPolicies, and this
> one leaves me confused. Aside from how it would be useful, I'd like to know
> what it returns?
>
> Since it doesn't return until it gets an ignore, it presumably doesn't
> return any of the preceding results. And then it "succeeds" by getting
> Ignored, in which case there is again no result. So what will it return? An
> Ignore?
>
> Similarly, correct me if I'm wrong, but wouldn't ContinueUntilReject
> guarantee that nobody will ever be able to log in, since no results will be
> sent to the client until the result is a Reject?
>
You will need to understand something about the Radius protocol design first,
and then something about the Radiator design.
First Radius. Keep in mind that "Ignore" (no response) is perfectly
reasonable behaviour in the context of the Radius protocol, because that is
what causes a NAS to failover to a secondary Radius host. Note that this is
the only behaviour that makes sense here as either an Accept or a Reject will
cause the NAS to do something else.
Next Radiator. Also keep in mind that the AuthByPolicy parameters are the
control specifications for the sequence of processing, not what will be
returned to the NAS. With ContinueUntilIgnore, if there is not an Ignore
during the sequence of AuthBy's, the result returned is the result of the
last AuthBy in the sequence. Idem for ContinueUntilReject - as long as you
don't get a Reject, you continue processing and the result of the last AuthBy
is what is returned.
Note also that some of the AuthByPolicy's are inverse statements of the same
condition and are only included for completeness and for ease of
specification for those who think differently.
regards
Hugh
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
