It's my understanding that Fall-Through = yes is the default
setting.  However, I did try it and it still did not work.

Thank you for your reply, however.  I'm certain that I'm
doing something wrong, but I know eventually I'll figure
it out or someone will nudge me in the right direction.

John

At 01:02 PM 4/27/01 -0400, you wrote:
>I'm not a whiz at using DEFAULT, but you might benefit from:
>
>13.2.6 Fall-Through
>This attribute is not actually returned to the NAS. Its presence causes
>Radiator to continue looking for a match with the next DEFAULT user name.
>
>         Fall-Through = yes
>
>http://www.open.com.au/radiator/ref.html#pgfId=330995
>
>Dave
>
> > -----Original Message-----
> > From: John Coy [mailto:[EMAIL PROTECTED]]
> > Sent: Friday, April 27, 2001 11:31 AM
> > To: [EMAIL PROTECTED]
> > Subject: Re: (RADIATOR) best technique to fallback to flat file if DB
> > server not available
> >
> >
> > I know it's wierd to reply to my own message, but I found
> > something in the RADIATOR archives:
> >
> > [ From Mike McCauley ]
> > 2. Chain a second authentication method after SQL, so that if
> > SQL fails (and
> > says IGNORE), it will then auth from (say) a local flat file:
> >
> > <Realm whatever>
> >          AuthByPolicy ContinueWhileIgnore
> >          <AuthBy SQL>
> >                  # whatever
> >          </AuthBy>
> >          # If SQL fails, auth from flat file:
> >          <AuthBy FILE>
> >                  Filename whatever
> >          </AuthBy>
> > </Realm>
> >
> > However, this technique doesn't work if you have an arrangement
> > similar to this one -- here, my default realm is authenticated
> > using <Authby FILE>.  Inside that file, I make references to
> > several authentication methods, including <AuthBy SQL> and
> > <AuthBy UNIX>.  However, since the <AuthBy SQL> fails, it
> > never gets to move on to the second DEFAULT.  Not sure if this
> > is intended to be this way, or if my config is just so messed
> > up... anyhow, if there's a way to get it to move on to the next
> > DEFAULT entry that's what I'd like to do....
> >
> > My radiusd.cfg (excerpts):
> >
> > -- radiusd.cfg --
> > <Realm DEFAULT>
> >          RewriteUsername         tr/A-Z/a-z/
> >          AuthByPolicy            ContinueWhileIgnore
> >
> >          AuthBy                  AuthANCIUsers
> > </Realm>
> >
> > <AuthBy FILE>
> >          Identifier      AuthANCIUsers
> >          Filename        %D/users
> > </AuthBy>
> >
> > <AuthBy SQL>
> >          Identifier      AuthSQLPasswd
> >
> >          DBSource        dbi:Oracle:starship
> >          DBUsername      uname
> >          DBAuth          password
> >
> >          AuthSelect      SELECT password, checkattr, replyattr \
> >                          FROM   passwd \
> >                          WHERE  username = LOWER('%n')
> >
> >          AuthColumnDef           0, Encrypted-Password, check
> >          AuthColumnDef           1, GENERIC, check
> >          AuthColumnDef           2, GENERIC, reply
> >
> >          AddToReplyIfNotExist    Ascend-Maximum-Channels = 1
> >
> >          AccountingTable
> > </AuthBy>
> >
> > <AuthBy UNIX>
> >          Identifier              UNIX
> >          Filename                /usr/local/etc/shadow
> >          GroupFilename           /usr/local/etc/group
> >
> >          AddToReplyIfNotExist    Ascend-Maximum-Channels = 1
> > </Authby>
> > -- end radiusd.cfg --
> >
> > Then, inside the "users" file, you have a DEFAULT entry:
> >
> > -- users --
> > DEFAULT Auth-Type = AuthSQLPasswd
> >          Ascend-Idle-Limit = 1800,
> >          Ascend-Assign-IP-Pool = 0,
> >          User-Service = Framed-User,
> >          Framed-Protocol = PPP,
> >          Ascend-Maximum-Call-Duration = 480,
> >          Ascend-Client-Primary-DNS = 208.133.27.10,
> >          Ascend-Client-Secondary-DNS = 216.152.26.168,
> >          Ascend-Client-Assign-DNS = DNS-Assign-Yes,
> >          Ascend-Shared-Profile-Enable = 0,
> >          Ascend-Multicast-Client = 1,
> >          Ascend-Multicast-Rate-Limit = 5
> >
> > DEFAULT Auth-Type = UNIX
> >          Ascend-Idle-Limit = 1800,
> >          Ascend-Assign-IP-Pool = 0,
> >          User-Service = Framed-User,
> >          Framed-Protocol = PPP,
> >          Ascend-Maximum-Call-Duration = 480,
> >          Ascend-Client-Primary-DNS = 208.133.27.10,
> >          Ascend-Client-Secondary-DNS = 216.152.26.168,
> >          Ascend-Client-Assign-DNS = DNS-Assign-Yes,
> >          Ascend-Shared-Profile-Enable = 0,
> >          Ascend-Multicast-Client = 1,
> >          Ascend-Multicast-Rate-Limit = 5
> > -- end users --
> >
> > At 09:02 PM 4/26/01 -0500, you wrote:
> > >What's the best technique to have Radiator fall back to
> > authentication
> > >via flat file (UNIX-style auth for example) instead of SQL
> > database if the
> > >SQL database isn't available.
> > >
> > >I tried using two DEFAULT entries in my users file, one which did SQL
> > >auth, the other which did UNIX auth but that didn't work.
> > Instead, it
> > >fails to connect to the DB server and won't move on to the flat file.
> > >
> > >Hints, tips welcome.
> > >
> > >John
> > >
> > >
> > >===
> > >Archive at http://www.starport.net/~radiator/
> > >Announcements on [EMAIL PROTECTED]
> > >To unsubscribe, email '[EMAIL PROTECTED]' with
> > >'unsubscribe radiator' in the body of the message.
> >
> >
> > ===
> > Archive at http://www.starport.net/~radiator/
> > Announcements on [EMAIL PROTECTED]
> > To unsubscribe, email '[EMAIL PROTECTED]' with
> > 'unsubscribe radiator' in the body of the message.
> >


===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Reply via email to