Hello Steve -

I am not sure I understand your question regarding two instances of the hook.

The usual case is to separate the processing for the two cases using either Realms or (more generally) Handlers.

And with an AuthBy FILE as you describe, you don't usually need a hook at all - you just need to define your address pools to use whatever comes back from the database lookup, and use an AuthByPolicy ContinueWhileAccept to control the two AuthBy clauses.

In the case of the AuthBy RADIUS clause, you need a ReplyHook because the reply comes back asynchronously from the proxy.

And yes you can add your own Reply-Message - just call "delete_attr(....)" first before adding your new one.

You are correct in pointing out that reply attributes in an Access-Reject don't usually cause problems. However, you might want to look at using "AllowInReply" in your AuthBy RADIUS clause to limit the reply attributes that you will accept from a proxy. Then if you want to delete even those, you can use the reference to "AllowInReply" when you call "delete_attr".

regards

Hugh


On Tuesday, Nov 26, 2002, at 14:32 Australia/Melbourne, Steve Phillips wrote:

At 16:02 26/11/2002, Hugh Irvine wrote:

Hello Steve -

There are some example hooks including a ReplyHook that does pretty much what you require in the file "goodies/hooks.txt".

If you have any further questions, please let me know.

Found that after I posted the message :-) I am now busy LARTing myself and rewriting my script - It appears however that I will still need two separate instances of the script, one to handle Local Authing by AuthBy FILE and one to handle AuthBy RADIUS, would that be right?

Also, is there a way, when changing the reply code to an Access-Reject, to insert your own Reply-Message to something other than "Request Denied"? It appears that $rp->change_attr and $rp->delete_attr('Reply-Message'); simply add another Reply-Message Attribute and don't actually delete the "Request Denied" reply.

Also :-)

When changing the message code to an Access-Reject, is there a way to delete all the current attributes in the reply packet, as these are still sending back information such as "Framed-MTU" etc etc (this is mostly cosmetic I guess as it does not appear to actually break anything)?

Thanks,

--
Steve.


===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.


--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
