Hi Ralf, thanks for your note. Responses inline below....
On Monday 09 May 2011 05:24:08 pm Ralf Ertzinger wrote:
> Hi all.
>
> As mentioned some time ago we have a customer interested in using
> Radiator to authenticate against an existing Micros Fidelio infrastructure.
>
> Last week I was finally able to do an on site visit to test the basic
> functionality of the system.
>
> Good news first: the Fidelio connector worked as expected, it was able
> to connect to the Fidelio system without too much trouble and get the
> guest data, and I was able to successfully authenticate against the
> Radius server using that data.
>
> All tests were done using a TCP connection to the Fidelio server.
>
> However, there are some minor problems I would love to get out of the way.
>
> - Reload failure
> When Radiator is reloaded using SIGHUP it throws away its internal copy
> of the Fidelio database. However, it does not cleanly shut down the TCP
> connection, and it also does not send a LE (link end) message to the
> Fidelio system.
> When Radiator then reconnects to the Fidelio server the latter does
> not consider the connection as "new", and assumes that the Radius
> server already has a copy of the database. So the Radius server does
> not receive a new copy of the database and ends up with no data at
> all.
>
> Suggested fix (as recommended by the Micros engineer on site with
> me): either send a LE (link end) record on connection shutdown,
> or completely close the TCP connection. Preferably both.

Hmmmm.
Tests here show that when a SIGHUP is received AuthFIDELIO reconnects and sends a link start and gets the latest database just fine.

Nevertheless we have now made a change so that LE is sent and the TCP connection is closed during a SIGHUP, as suggested.

It would be good if you could test this change at your location.

>
> Workaround: do a complete restart of the Radius server
>
>
> - Keepalive
> When the network connection between the Radius server and the Fidelio
> server fails for some reason the Fidelio server aggressively times out
> and closes the TCP connection when it cannot send database updates.
> The Radius server may not notice this in a timely manner and thus may
> not receive database update messages.
>
> Suggested fix (as recommended by the Micros engineer on site with
> me): have the Radius server send LS (link start) messages in regular
> intervals and wait for the Fidelio system to answer with LA (link
> alive).

OK. We disagree with the engineer. We think Radiator should send LA to check for connectivity, not LS.

We have now made a change to send LA every 60 seconds (configurable).

It would be good if you could test this change at your location.

>
> Workaround: this can be somewhat worked around by sending accounting
> messages to the Fidelio system (in this particular setup accounting to
> the Fidelio system is not part of the planned setup). Failure to send
> an accounting message will cause a restart of the connection.
>
>
> - Data mangle hook
> This is more of a "nice to have". Provide a hook to mangle data received
> from the Fidelio system before it is entered into the internal Radiator
> database. Primary use case (for me) would be to lower case the guest
> names.

Not sure where you need this. A patch would be good.

>
>
> I think I can provide a patch for the last point, but I have not found
> an easy hook into the system reload functionality (from a module point
> of view) or a way to regularly call a function from a module. If someone
> could point me in the right direction I'd be quite grateful.

Use &Radius::Select::add_timeout. See the latest patch set for an example in AuthFIDELIO.pm.

Cheers.

-- 
Mike McCauley [email protected]
Open System Consultants Pty. Ltd
9 Bulbul Place Currumbin Waters QLD 4223 Australia http://www.open.com.au
Phone +61 7 5598-7474 Fax +61 7 5598-7070

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc.
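
The two link-handling changes discussed in this thread (LE plus TCP close on reload, and a periodic LA probe), sketched as an added example that is not Radiator's code and not from either poster. The `LinkMonitor` class, the STX/ETX framing, the `DA`/`TI` field layout and the `max_silence` threshold are assumptions for illustration; only the LS/LA/LE record types and the 60 second interval come from the messages above.

```python
import time

STX, ETX = b"\x02", b"\x03"  # assumed record framing (not stated in the thread)

def record(kind, now):
    """Build a link record, e.g. LA|DA110509|TI172408| (field layout assumed)."""
    stamp = time.strftime("DA%y%m%d|TI%H%M%S", time.gmtime(now))
    return STX + f"{kind}|{stamp}|".encode("ascii") + ETX

class LinkMonitor:
    """Hypothetical model; connect/send/close are supplied by the caller."""

    def __init__(self, connect, send, close, interval=60, max_silence=180):
        self.connect, self.send, self.close = connect, send, close
        self.interval, self.max_silence = interval, max_silence
        self.up = False

    def start(self, now):
        self.connect()                       # always a fresh TCP connection
        self.send(record("LS", now))         # link start
        self.up, self.last_rx, self.next_la = True, now, now + self.interval

    def received(self, now):
        self.last_rx = now                   # any record from the peer proves liveness

    def stop(self, now):
        """Reload/shutdown path: send LE, then close the TCP connection."""
        if not self.up:
            return
        try:
            self.send(record("LE", now))
        except OSError:
            pass                             # peer already gone; still close our side
        self.close()
        self.up = False

    def tick(self, now):
        """Call from a timer. Returns True if the link was torn down and restarted."""
        if not self.up:
            return False
        dead = now - self.last_rx > self.max_silence
        if not dead and now >= self.next_la:
            self.next_la = now + self.interval
            try:
                self.send(record("LA", now))  # keepalive probe
            except OSError:
                dead = True                   # write failed: treat link as down
        if dead:
            self.stop(now)
            self.start(now)
        return dead
```

Passing the clock in as `now` keeps the logic testable without sleeping; a stale link matters here because the RADIUS server would keep authenticating against a guest database that no longer receives updates.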
