Excellent and informative reply.
So the magic piece of information is "the result returned is the result of
the last AuthBy in the sequence". The manual glances at this idea:
http://www.open.com.au/radiator/ref.html#12824
but it might not hurt to be more explicit in the manual...
This is a great feature, and part of what is making Radiator a joy to work
with, and will probably make our upcoming integration with another ISP a
breeze. Thanks for a great product!
Dave
> -----Original Message-----
> From: Hugh Irvine [mailto:[EMAIL PROTECTED]]
> Sent: Thursday, March 08, 2001 6:42 PM
> To: Kitabjian, Dave; [EMAIL PROTECTED]
> Subject: IMPORTANT - Re: (RADIATOR) purpose of ContinueUntilIgnore?
>
>
>
> Hello Dave -
>
> On Friday 09 March 2001 09:05, Kitabjian, Dave wrote:
> > I'm trying to understand the logic of the various
> AuthByPolicies, and this
> > one leaves me confused. Aside from how it would be useful,
> I'd like to know
> > what it returns?
> >
> > Since it doesn't return until it gets an ignore, it
> presumably doesn't
> > return any of the preceding results. And then it "succeeds"
> by getting
> > Ignored, in which case there is again no result. So what
> will it return? An
> > Ignore?
> >
> > Similarly, correct me if I'm wrong, but wouldn't ContinueUntilReject
> > guarantee that nobody will ever be able to log in, since no
> results will be
> > sent to the client until the result is a Reject?
> >
>
> You will need to understand something about the Radius
> protocol design first,
> and then something about the Radiator design.
>
> First Radius. Keep in mind that "Ignore" (no response) is perfectly
> reasonable behaviour in the context of the Radius protocol,
> because that is
> what causes a NAS to failover to a secondary Radius host.
> Note that this is
> the only behaviour that makes sense here as either an Accept
> or a Reject will
> cause the NAS to do something else.
>
> Next Radiator. Also keep in mind that the AuthByPolicy
> parameters are the
> control specifications for the sequence of processing, not
> what will be
> returned to the NAS. With ContinueUntilIgnore, if there is
> not an Ignore
> during the sequence of AuthBy's, the result returned is the
> result of the
> last AuthBy in the sequence. Idem for ContinueUntilReject -
> as long as you
> don't get a Reject, you continue processing and the result of
> the last AuthBy
> is what is returned.
>
> Note also that some of the AuthByPolicy's are inverse
> statements of the same
> condition and are only included for completeness and for ease of
> specification for those who think differently.
>
> regards
>
> Hugh
>
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
