Hello Kevin -
You will really need a slightly more complicated setup to do this.
# define AuthBy clauses
<AuthBy SQL>
Identifier SQLAccounting
.....
</AuthBy><AuthBy RADIUS>
Identifier Proxy1
......
AddToReply Class = Proxy1
</AuthBy><AuthBy RADIUS>
Identifier Proxy2
....
AddToReply Class = Proxy2
</AuthBy># define Handlers
<Handler Called-Station-Id=/XXXXXX0095|XXXXXX0096/, Class = Proxy1>
AuthByPolicy ContinueAlways
AuthBy SQLAccounting
AuthBy Proxy1
.....
</Handler><Handler Called-Station-Id=/XXXXXX0095|XXXXXX0096/, Class = Proxy2>
AuthByPolicy ContinueAlways
AuthBy SQLAccounting
AuthBy Proxy2
.....
</Handler><Handler Called-Station-Id=/XXXXXX0095|XXXXXX0096/>
AuthByPolicy ContinueAlways
AuthBy Proxy1
AuthBy Proxy2
.....
</Handler>Note that in the above example, the access requests will be proxied to both targets, which is what I understand you want from your description, but I may have got it wrong (this is an unusual configuration).
regards
Hugh
On Wednesday, Jul 9, 2003, at 07:17 Australia/Melbourne, Kevin McKee wrote:
Hi,
I'm trying to create a handler that will authenticate a user by the first RADIUS proxy that responds, but then sends Accounting packets to that RADIUS proxy and an additional SQL server.
I have included the handler I am currently working with. My problem is that Accounting packets are being caught by the AuthBy SQL clause and are not passing to the AuthBy RADIUS clauses. If I change the AuthByPolicy to ContinueWhileAccept, then it will authenticate and send accounting to both of the AuthBy RADIUS clauses, and I want it to only go out to the first responding one.
Any ideas how to do this?
Thanks,
------------------------- _ _ Kevin McKee, Network Mgr _ __ | |_(_) Northwest Telephone, Inc. | '_ \| __| | Tel: +1 509 661 2000 x112 | | | | |_| | Fax: +1 509 661 2020 |_| |_|\__|_|
----------------------------------------------------------------------- -
<Handler Called-Station-Id=/XXXXXX0095|XXXXXX0096/>
#
# Sample Handler
#
MaxSessions 1
AcctLogFileName %L/%Y%m%d-XXXXXX-detail
SessionDatabase XXXX
RejectHasReason
<AuthBy SQL>
# Accounting only Database
# Needs a copy of the Accounting packets
DateFormat %Y-%m-%d %H:%M:%S
DBSource dbi:mysql:XXXXXX:XX.XX.XX.XXX
DBUsername XXXX
DBAuth XXXX
IgnoreAuthentication
AccountingStopsOnly
AccountingTable ACCOUNTING%Y%m
AcctColumnDef USERNAME,User-Name
AcctColumnDef TIME_STAMP,Timestamp,integer-date
AcctColumnDef ACCTSTATUSTYPE,Acct-Status-Type
AcctColumnDef ACCTDELAYTIME,Acct-Delay-Time,integer
AcctColumnDef ACCTINPUTOCTETS,Acct-Input-Octets,integer
AcctColumnDef ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
AcctColumnDef ACCTSESSIONID,Acct-Session-Id
AcctColumnDef ACCTSESSIONTIME,Acct-Session-Time,integer
AcctColumnDef NASPORT,NAS-Port,integer
AcctColumnDef FRAMEDIPADDRESS,Framed-IP-Address
AcctColumnDef NASIPADDRESS,NAS-IP-Address
AcctColumnDef ASCENDDISCONNECTCAUSE,Ascend-Disconnect-Cause
AcctColumnDef ASCENDCONNECTPROGRESS,Ascend-Connect-Progress
AcctColumnDef ASCENDXMITRATE,Ascend-Xmit-Rate,Integer
AcctColumnDef ASCENDDATARATE,Ascend-Data-Rate,Integer
AcctColumnDef CALLINGSTATIONID,Calling-Station-Id
AcctColumnDef CALLEDSTATIONID,Called-Station-Id
AcctColumnDef ISP,"XXXXX",literal
AcctFailedLogFileName %L/detail.newdb
</AuthBy>
<AuthBy RADIUS>
# Customer's Primary RADIUS server
Host XXX.XXX.XXX.101
Secret sharedsecret
AuthPort 1645
AcctPort 1646
StripFromRequest NAS-Port-Id,NAS-Port-Type
ReplyHook sub { ${$_[1]}->delete_attr('Framed-IP-Address'); }
LocalAddress XX.XX.XX.XXX
</AuthBy>
<AuthBy RADIUS>
# Customer's Backup RADIUS server
Host XXX.XXX.XXX.102
Secret sharedsecret
AuthPort 1645
AcctPort 1646
StripFromRequest NAS-Port-Id,NAS-Port-Type
ReplyHook sub { ${$_[1]}->delete_attr('Framed-IP-Address'); }
LocalAddress XX.XX.XX.XXX
</AuthBy>
</Handler>
------------------------------------------------------------- This email and the files transmitted with it are confidential and intended solely for the use of the individual or entity to which they are addressed. If you have received this email in error, please notify the sender.
This footnote also confirms that this email message and attachments have been scanned for the presence of computer viruses. -------------------------------------------------------------
=== Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening?
-- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.
=== Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
