Re: (RADIATOR) Tip: AuthBy GROUP with 2 RADIUS auths

Thu, 19 Apr 2001 23:51:33 -0700 


Hello Dave -

In some cases the Synchronous flag will cause serious delays, so the other 
way to do this is with a "ReplyHook" to check the return code and call the 
second AuthBy RADIUS if required.

regards

Hugh

On Friday 20 April 2001 07:20, Kitabjian, Dave wrote:
> This tip is just for the archive and fyi, in the hopes that it might help
> someone out.
>
> You can get confusing results when using a configuration similar to the
> following:
>
> <AuthBy GROUP>
>
>       AuthByPolicy    ContinueWhileReject
>
>       <AuthBy RADIUS>
>               ...
>       </AuthBy>
>       <AuthBy RADIUS>
>               ...
>       </AuthBy>
>
> </AuthBy>
>
> The AuthByPolicy docs say that each Auth will be tried in turn, according
> to the Policy specified. The problem is that Radiator handles AuthBy RADIUS
> differently than it does other AuthBys: it doesn't wait for the reply from
> the proxy before moving on.
>
> What we wanted was to proxy to one provider, and if they are rejected
> there, try the other provider (we just acquired another ISP with a separate
> authentication pool, etc). So what happened to us was that we got crazy,
> intermingled results, like:
>
>       Code:       Access-Accept
>       Identifier: 136
>       Authentic:  1234567890123456
>       Attributes:
>               Reply-Message = "Request Denied"
>               Service-Type = Framed-User
>               Framed-Protocol = PPP
>               Idle-Timeout = 1200
>
> Crazy!
>
> So anyway, the solution is to put to Synchronous flag in the first AuthBy
> RADIUS, such as:
>
> <AuthBy GROUP>
>
>       AuthByPolicy    ContinueWhileReject
>
>       <AuthBy RADIUS>
>               Synchronous
>               ...
>       </AuthBy>
>       <AuthBy RADIUS>
>               ...
>       </AuthBy>
>
> </AuthBy>
>
> That does wonders.
>
> Dave
>
> :)
>
> ===
> Archive at http://www.starport.net/~radiator/
> Announcements on [EMAIL PROTECTED]
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.

-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.

===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Reply via email to