Ok, more confusing stuff from me :)
I have modified my config from before, in an attemp to make it neater..
Basically, the just is this:
3 AuthBys in a group.
1. Bounce the Accounting off to a different radius server. So ignore auth
(which with the NoForwardAuthentication flag set, will by default accept).
2. Check in a file using an <AuthBy FILE></AuthBy>. 3 scenarios:
i) If the user is found in the file, and check items match, just accept.
ii) If the user is found in the file, and the check items don't match, just
reject.
iii) If the user is not found in the file, then proceed to the next AuthBy.
3. Use an <AuthBy SQL></AuthBy> to query the database for the user's data.
The way I figured this would work is as follows:
<AuthBy GROUP>
AuthByPolicy ContinueWhileAccept
<AuthBy RADIUS>
NoForwardAuthentication
Host somehost
Secret XXXXXXXX
</AuthBy>
AuthByPolicy ContinueWhileIgnore
<AuthBy FILE>
NoDefaultIfFound
Filename %D/users.adsl
</AuthBy>
AuthByPolicy ContinueWhileAccept
<AuthBy SQL>
...
</AuthBy>
</AuthBy>
and having
DEFAULT Auth-Type=Ignore
in my users.adsl ...
that way, authby file would trigger return to user is accepted or rejected,
and only continue onto authby sql if ignored.
anyhow. to cut a long story short, it doesn't work... level 4 logs:
Mon Apr 29 17:37:22 2002: DEBUG: Packet dump:
*** Received from 210.15.210.5 port 36757 ....
Code: Access-Request
Identifier: 51
Authentic: 1234567890123456
Attributes:
User-Name = "trippinhard@adsl"
Service-Type = Framed-User
NAS-Identifier = "203.63.154.1"
NAS-Port = 1234
NAS-Port-Type = Async
User-Password =
"{<231><133>!<20>i<226><252><253><141><209><190>^?<227> "
Mon Apr 29 17:37:22 2002: DEBUG: Handling request with Handler 'Realm=adsl'
Mon Apr 29 17:37:22 2002: DEBUG: Rewrote user name to trippinhard
Mon Apr 29 17:37:22 2002: DEBUG: Deleting session for trippinhard@adsl,
203.63.154.1, 1234
Mon Apr 29 17:37:22 2002: DEBUG: Handling with Radius::AuthGROUP
Mon Apr 29 17:37:22 2002: DEBUG: Handling with Radius::AuthRADIUS
Mon Apr 29 17:37:22 2002: DEBUG: Handling with Radius::AuthFILE:
Mon Apr 29 17:37:22 2002: DEBUG: Radius::AuthFILE looks for match with
trippinhard
Mon Apr 29 17:37:22 2002: DEBUG: Radius::AuthFILE looks for match with
DEFAULT
Mon Apr 29 17:37:22 2002: DEBUG: Radius::AuthFILE IGNORE: Ignored explicitly by
Auth-Type=Ignore
it never gets to the AuthBy SQL even though the AuthBy FILE ignores it...
I've got this to work in the past, but in a very different manner (see
the config file I posted earlier today).. this is quite messy, and i'd
like to make it work this way. So If anyone can suggest how this can
work... i'd love to hear from you :)
Thanks
Jeremy
--
Jeremy Burton
Database Administrator, Netspace Online Systems
[EMAIL PROTECTED]
[EMAIL PROTECTED]
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
