Hi,
I am having a little bit of trouble with some complex AuthBy handling I am doing. I have customers in various states of conversion to some new dialup settings and I am having to jump through 15 different hoops when authenticating them. The problem I am having is when I set my AuthByPolicy to ContinueUntilAccept, I have no way of sending a REJECT to the NAS if none of the AuthBy clauses ACCEPT the user. Is there a way to send a reject if the request was not accepted that I am not thinking of?

Below is a trimmed copy of the config.

Thanks
Jonathon Lindbo

<AuthBy SQL>
        Identifier      niiVispAuthClear

        DBSource        dbi:mysql:service:x.x.x.x
        DBUsername      xxxxxx
        DBAuth          xxxxxx

        AuthSelect      select clear_pass,`Simultaneous-Use`,service_number,`Session-Timeout`,`Idle-Timeout` \
                        from dial_auth \
                        where `User-Name`='%n' and network='%{network}'

        AuthColumnDef   0,User-Password,check
        AuthColumnDef   1,Simultaneous-Use,check
        AuthColumnDef   2,Class,reply
        AuthColumnDef   3,Session-Timeout,reply
        AuthColumnDef   4,Idle-Timeout,reply
        NoDefault                                                               # Don't try select for DEFAULT

        IgnoreAccounting

        AddToReply      Ascend-Data-Filter = "ip in forward tcp est",\
                        Ascend-Data-Filter = "ip in forward dstip 63.240.133.32/28",\
                        Ascend-Data-Filter = "ip in drop tcp dstport = 25",\
                        Ascend-Data-Filter = "ip in forward 0",\
                        Service-Type = Framed-User,\
                        Framed-Protocol = PPP
</AuthBy>
<AuthBy SQL>
        Identifier      niiVispAuthCrypt

        DBSource        dbi:mysql:service:x.x.x.x
        DBUsername      xxxxxx
        DBAuth          xxxxxx

        AuthSelect      select encr_pass,`Simultaneous-Use`,service_number,`Session-Timeout`,`Idle-Timeout` \
                        from dial_auth \
                        where `User-Name`='%n' and network='%{network}'

        AuthColumnDef   0,Encrypted-Password,check
        AuthColumnDef   1,Simultaneous-Use,check
        AuthColumnDef   2,Class,reply
        AuthColumnDef   3,Session-Timeout,reply
        AuthColumnDef   4,Idle-Timeout,reply
        NoDefault                                                               # Don't try select for DEFAULT

        IgnoreAccounting

        AddToReply      Ascend-Data-Filter = "ip in forward tcp est",\
                        Ascend-Data-Filter = "ip in forward dstip 63.240.133.32/28",\
                        Ascend-Data-Filter = "ip in drop tcp dstport = 25",\
                        Ascend-Data-Filter = "ip in forward 0",\
                        Service-Type = Framed-User,\
                        Framed-Protocol = PPP
</AuthBy>
<AuthBy SQL>
        Identifier      niiInternalAuthClear

        DBSource        dbi:mysql:service:x.x.x.x
        DBUsername      xxxxx
        DBAuth          xxxxx

        AuthSelect      select clear_pass,`Simultaneous-Use`,service_number,`Session-Timeout`,`Idle-Timeout` \
                        from dial_auth \
                        where `User-Name`='%n'

        AuthColumnDef   0,User-Password,check
        AuthColumnDef   1,Simultaneous-Use,check
        AuthColumnDef   2,Class,reply
        AuthColumnDef   3,Session-Timeout,reply
        AuthColumnDef   4,Idle-Timeout,reply
        NoDefault                                                # Don't try select for DEFAULT

        IgnoreAccounting

        AddToReply      Ascend-Data-Filter = "ip in forward tcp est",\
                        Ascend-Data-Filter = "ip in forward dstip 63.240.133.32/28",\
                        Ascend-Data-Filter = "ip in drop tcp dstport = 25",\
                        Ascend-Data-Filter = "ip in forward 0",\
                        Service-Type = Framed-User,\
                        Framed-Protocol = PPP
</AuthBy>

..... Just more of the same, I am going to cut to the handlers

<Handler network = internal>
        PasswordLogFileName %L/internal.password.log
        AuthByPolicy ContinueUntilAccept

        AuthBy  niiInternalAuthCrypt
        AuthBy  niiInternalAuthClear
        AuthBy  niiSystemAuthCrypt
        AuthBy  niiSystemAuthClear
        AuthBy  niiAcct
</Handler>
<Handler Realm = bluebuzz.net>
        PasswordLogFileName %L/%R.password.log
        AuthByPolicy ContinueUntilAccept

        AuthBy  niiVispAuthClear
        AuthBy  niiVispAuthCrypt
        AuthBy  niiSystemAuthClear
        AuthBy  niiSystemAuthCrypt
        AuthBy  niiAcct
</Handler>
