Couldn't you do some groups?

<AuthBy INTERNAL>
    Identifier AlwaysReject
    DefaultResult REJECT
</AuthBy>

<AuthBy INTERNAL>
    Identifier AlwaysIgnore
    DefaultResult IGNORE
</AuthBy>

<AuthBy GROUP>
    AuthByPolicy ContinueWhileIgnore
    <AuthBy GROUP>
        AuthByPolicy ContinueUntilAccept
        AuthBy niiVispAuthClear
        AuthBy niiVispAuthCrypt
        AuthBy niiSystemAuthClear
        AuthBy niiSystemAuthCrypt
        AuthBy niiAcct
        AuthBy AlwaysIgnore
    </AuthBy>
    AuthBy AlwaysReject
</AuthBy>

Not sure if it will work or not, just off the top of my head.

I'm not sure why just adding "AuthBy AlwaysReject" to the end of your AuthBy list wouldn't do the same thing. I would try that first, and then try the groups.

Steve

----- Original Message -----
Sent: Monday, January 20, 2003 2:47 PM
Subject: (RADIATOR) AuthByPolicy Question: ContinueUntilAccept

Hi,

I am having a little bit of trouble with some complex AuthBy handling I am doing. I have customers in various states of conversion to some new dialup settings and I am having to jump through 15 different hoops when authenticating them. The problem I am having is when I set my AuthByPolicy to ContinueUntilAccept, I have no way of sending a REJECT to the NAS if none of the AuthBy clauses ACCEPT the user. Is there a way to send a reject if the request was not accepted that I am not thinking of?

Below is a trimmed copy of the config.

Thanks
Jonathon Lindbo

<AuthBy SQL>
    Identifier niiVispAuthClear
    DBSource dbi:mysql:service:x.x.x.x
    DBUsername xxxxxx
    DBAuth xxxxxx
    AuthSelect select clear_pass,`Simultaneous-Use`,service_number,`Session-Timeout`,`Idle-Timeout` \
        from dial_auth \
        where `User-Name`='%n' and network='%{network}'
    AuthColumnDef 0,User-Password,check
    AuthColumnDef 1,Simultaneous-Use,check
    AuthColumnDef 2,Class,reply
    AuthColumnDef 3,Session-Timeout,reply
    AuthColumnDef 4,Idle-Timeout,reply
    # Don't try select for DEFAULT
    NoDefault
    IgnoreAccounting
    AddToReply Ascend-Data-Filter = "ip in forward tcp est",\
        Ascend-Data-Filter = "ip in forward dstip 63.240.133.32/28",\
        Ascend-Data-Filter = "ip in drop tcp dstport = 25",\
        Ascend-Data-Filter = "ip in forward 0",\
        Service-Type = Framed-User,\
        Framed-Protocol = PPP
</AuthBy>

<AuthBy SQL>
    Identifier niiVispAuthCrypt
    DBSource dbi:mysql:service:x.x.x.x
    DBUsername xxxxxx
    DBAuth xxxxxx
    AuthSelect select encr_pass,`Simultaneous-Use`,service_number,`Session-Timeout`,`Idle-Timeout` \
        from dial_auth \
        where `User-Name`='%n' and network='%{network}'
    AuthColumnDef 0,Encrypted-Password,check
    AuthColumnDef 1,Simultaneous-Use,check
    AuthColumnDef 2,Class,reply
    AuthColumnDef 3,Session-Timeout,reply
    AuthColumnDef 4,Idle-Timeout,reply
    # Don't try select for DEFAULT
    NoDefault
    IgnoreAccounting
    AddToReply Ascend-Data-Filter = "ip in forward tcp est",\
        Ascend-Data-Filter = "ip in forward dstip 63.240.133.32/28",\
        Ascend-Data-Filter = "ip in drop tcp dstport = 25",\
        Ascend-Data-Filter = "ip in forward 0",\
        Service-Type = Framed-User,\
        Framed-Protocol = PPP
</AuthBy>

<AuthBy SQL>
    Identifier niiInternalAuthClear
    DBSource dbi:mysql:service:x.x.x.x
    DBUsername xxxxx
    DBAuth xxxxx
    AuthSelect select clear_pass,`Simultaneous-Use`,service_number,`Session-Timeout`,`Idle-Timeout` \
        from dial_auth \
        where `User-Name`='%n'
    AuthColumnDef 0,User-Password,check
    AuthColumnDef 1,Simultaneous-Use,check
    AuthColumnDef 2,Class,reply
    AuthColumnDef 3,Session-Timeout,reply
    AuthColumnDef 4,Idle-Timeout,reply
    # Don't try select for DEFAULT
    NoDefault
    IgnoreAccounting
    AddToReply Ascend-Data-Filter = "ip in forward tcp est",\
        Ascend-Data-Filter = "ip in forward dstip 63.240.133.32/28",\
        Ascend-Data-Filter = "ip in drop tcp dstport = 25",\
        Ascend-Data-Filter = "ip in forward 0",\
        Service-Type = Framed-User,\
        Framed-Protocol = PPP
</AuthBy>

..... Just more of the same, I am going to cut to the handlers

<Handler network = internal>
    PasswordLogFileName %L/internal.password.log
    AuthByPolicy ContinueUntilAccept
    AuthBy niiInternalAuthCrypt
    AuthBy niiInternalAuthClear
    AuthBy niiSystemAuthCrypt
    AuthBy niiSystemAuthClear
    AuthBy niiAcct
</Handler>

<Handler Realm = bluebuzz.net>
    PasswordLogFileName %L/%R.password.log
    AuthByPolicy ContinueUntilAccept
    AuthBy niiVispAuthClear
    AuthBy niiVispAuthCrypt
    AuthBy niiSystemAuthClear
    AuthBy niiSystemAuthCrypt
    AuthBy niiAcct
</Handler>
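
Added example, not part of the original thread and not Radiator's own code: a small Python model of AuthByPolicy chaining that compares the original bluebuzz.net chain with both suggestions from the reply (appending AlwaysReject, and the nested groups). It assumes that a chain's result is the result of the last AuthBy that ran, that niiAcct returns IGNORE for access requests, and it uses constructed user names and a hypothetical `backend` stand-in for the SQL clauses.

```python
# Toy model of AuthByPolicy chaining (added example, not Radiator code).
ACCEPT, REJECT, IGNORE = "ACCEPT", "REJECT", "IGNORE"

# Each policy answers: given the last result, do we try the next AuthBy?
POLICIES = {
    "ContinueWhileIgnore": lambda r: r == IGNORE,
    "ContinueUntilIgnore": lambda r: r != IGNORE,
    "ContinueWhileAccept": lambda r: r == ACCEPT,
    "ContinueUntilAccept": lambda r: r != ACCEPT,
    "ContinueWhileReject": lambda r: r == REJECT,
    "ContinueUntilReject": lambda r: r != REJECT,
}

def group(policy, *children):
    """Model of a Handler or <AuthBy GROUP>: run children in order, stop when
    the policy says so, and return the result of the last child that ran."""
    keep_going = POLICIES[policy]
    def run(user):
        result = IGNORE  # assumption: an empty chain yields IGNORE
        for child in children:
            result = child(user)
            if not keep_going(result):
                break
        return result
    return run

def always(result):
    """Model of <AuthBy INTERNAL> with a fixed DefaultResult."""
    return lambda user: result

def backend(known_users):
    """Hypothetical stand-in for an SQL AuthBy: ACCEPT known users, else REJECT."""
    return lambda user: ACCEPT if user in known_users else REJECT

# Constructed sample data; the variable names echo the thread's Identifiers.
visp = backend({"alice"})
system = backend({"bob"})
acct = always(IGNORE)  # assumption: niiAcct ignores access requests

# Original handler: the chain ends on niiAcct, so a failed login ends as IGNORE.
original = group("ContinueUntilAccept", visp, system, acct)
# First suggestion: append AlwaysReject to the same list.
appended = group("ContinueUntilAccept", visp, system, acct, always(REJECT))
# Second suggestion: inner group ends on AlwaysIgnore, outer falls to AlwaysReject.
nested = group("ContinueWhileIgnore",
               group("ContinueUntilAccept", visp, system, acct, always(IGNORE)),
               always(REJECT))

if __name__ == "__main__":
    for name, chain in [("original", original), ("appended", appended), ("nested", nested)]:
        print(name, {u: chain(u) for u in ("alice", "bob", "mallory")})
```

In this model both suggestions fail closed for an unknown user, while the original chain ends in IGNORE, which matches the missing REJECT described in the question.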