Yes. You shut put your most detailed match first and work down to more generic ones.
-----Original Message----- From: Tom Swenson [mailto:[EMAIL PROTECTED]] Sent: Tuesday, February 04, 2003 12:14 PM To: [EMAIL PROTECTED] Subject: Re: (RADIATOR) Auth only on same realm Just so I understand correctly. Does the handlers work like a cisco access list in that it will start at the top of the file and the first handler that matches, it is completed? Tom Swenson - CTO NetConX - Internet Access - Client Managed Web Database Applications Wireless - Virus Blocking - Spam Blocking [EMAIL PROTECTED] http://www.netconx.net (641) 421-4170 - Voice (641) 423-3351 - FAX There's a better way to do it. Find it! - Thomas Edison *********** REPLY SEPARATOR *********** On 1/31/2003 at 10:35 AM Hugh Irvine wrote: >Hello Tom - > >I don't quite understand your question sorry. > >Could you give me a bit more detail please? > >If you want usernames without realms to be treated the same way as >those with realms, you can add a DefaultRealm parameter to your Client >clauses: > ># define Client clauses > ><Client ....> > ..... > DefaultRealm foo.bar ></Client> > >..... > >regards > >Hugh > > >On Friday, Jan 31, 2003, at 10:04 Australia/Melbourne, Tom Swenson >wrote: > >> I tried this and I think it will work, but I have to figure out a way >> to >> get the default domain in there. Is there an easier way than to put in >> an >> identifier for every client and then a handler at the end of my >> domains to >> catch all the ones without domains? >> >> Thanks again. >> >> Tom Swenson - CTO >> NetConX - Internet Access - Client Managed Web Database Applications >> Wireless - Virus Blocking - Spam Blocking >> [EMAIL PROTECTED] http://www.netconx.net >> (641) 421-4170 - Voice (641) 423-3351 - FAX >> >> Your imagination is your preview of life's coming attractions - Albert >> Einstein >> >> >> *********** REPLY SEPARATOR *********** >> >> On 1/31/2003 at 9:24 AM Hugh Irvine wrote: >> >>> Hello Tom - >>> >>> You should not mix Realms and Handlers in the same configuration file >>> for exactly this reason - Realms are always evaluated first. >>> >>> Change your Realms to Handlers like this: >>> >>> <Realm foo.bar> >>> ..... >>> </Realm> >>> >>> becomes >>> >>> <Handler Realm = foo.bar> >>> ..... >>> </Handler> >>> >>> Note that Handlers are evaluated in the order they appear in the >>> configuration file, so the more specific must appear before the more >>> general, keeping in mind that you want the most hit Handlers as close >>> to the top of the list as possible. >>> >>> regards >>> >>> Hugh >>> >>> >>> On Friday, Jan 31, 2003, at 04:55 Australia/Melbourne, Tom Swenson >>> wrote: >>> >>>> I have a newsgroup server that I have told to authenticate with the >>>> same >>>> realm as my dial in customers. I created special client for this >>>> server >>>> and then put in an identifier. I thought it would then go to the >>>> handler I >>>> created to just authenticate only. No accounting or sessions. I'm >>>> finding >>>> that it is instead of going to the handler, it is going to the realm. >>>> The >>>> manual says it this is how it will do this. >>>> >>>> I don't know what to do now. Here is what I have, but I don't think >>>> it >>>> ever goes to the handler. Is there anything I can specify in the >>>> client >>>> section to make it go to a specific realm or handler? >>>> >>>> <Client xx.xx.xx.xx> >>>> DupInterval 0 >>>> IgnoreAcctSignature >>>> Secret xxxxxxxxxxx >>>> Identifier newsauth >>>> </Client> >>>> >>>> # news group authentication >>>> <Handler Client-Identifier=newsauth> >>>> AuthBy ID_0 >>>> AuthByPolicy ContinueWhileIgnore >>>> RewriteUsername s/^([^@]+).*/$1/ >>>> </Handler> >>>> >>>> >>>> Tom Swenson - CTO >>>> NetConX - Internet Access - Client Managed Web Database Applications >>>> Wireless - Virus Blocking - Spam Blocking >>>> [EMAIL PROTECTED] http://www.netconx.net >>>> (641) 421-4170 - Voice (641) 423-3351 - FAX >>>> >>>> Your imagination is your preview of life's coming attractions - >>>> Albert >>>> Einstein >>>> >>>> >>>> === >>>> Archive at http://www.open.com.au/archives/radiator/ >>>> Announcements on [EMAIL PROTECTED] >>>> To unsubscribe, email '[EMAIL PROTECTED]' with >>>> 'unsubscribe radiator' in the body of the message. >>>> >>>> >>> >>> -- >>> Radiator: the most portable, flexible and configurable RADIUS server >>> anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. >>> - >>> Nets: internetwork inventory and management - graphical, extensible, >>> flexible with hardware, software, platform and database independence. >>> >>> === >>> Archive at http://www.open.com.au/archives/radiator/ >>> Announcements on [EMAIL PROTECTED] >>> To unsubscribe, email '[EMAIL PROTECTED]' with >>> 'unsubscribe radiator' in the body of the message. >> >> >> >> === >> Archive at http://www.open.com.au/archives/radiator/ >> Announcements on [EMAIL PROTECTED] >> To unsubscribe, email '[EMAIL PROTECTED]' with >> 'unsubscribe radiator' in the body of the message. >> >> > >-- >Radiator: the most portable, flexible and configurable RADIUS server >anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. >- >Nets: internetwork inventory and management - graphical, extensible, >flexible with hardware, software, platform and database independence. > >=== >Archive at http://www.open.com.au/archives/radiator/ >Announcements on [EMAIL PROTECTED] >To unsubscribe, email '[EMAIL PROTECTED]' with >'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
