RE: (RADIATOR) rejection precedence

Sat, 29 Apr 2000 07:57:01 -0700 


The following outlines the test I wrote:

        AuthByPolicy ContinueWhileReject

          <AuthBy FILE>
        Filename %{GlobalVar:sportbrain_reject_file}
        </AuthBy>

        <AuthBy FILE>
        Filename %{GlobalVar:sportbrain_password_file}
        </AuthBy>


In the reject file:
reject User-Password="reject", Auth-Type="Reject:discontinued service"

In the password file:
reject User-Password="reject"

The user reject always PASSES.

If I copy the line from the reject file and put it in the password file,
rejection happens.

Or, if I change "Reject" to "Ignore" in the password file, I get a No Reply
message.

Or, if I change Reject to Ignore in the reject file, I get a No Reply
message.

These events suggests to me that the explicit rejection is not treated
differently than other rejections.

In addition, I am not getting the <msg> at the client if I have an Auth-Type
of "Reject:<msg>"
I am using mostly default behavior in the radpwtst client. For this reason
it was hard to determine what caused my rejection.
This prompted use of the Ignore Auth-Type to differentiate causes of
rejection.

-- Brian


-----Original Message-----
From: Hugh Irvine [mailto:[EMAIL PROTECTED]]
Sent: Friday, April 28, 2000 5:23 PM
To: Brian Keefe; [EMAIL PROTECTED]
Subject: Re: (RADIATOR) rejection precedence



Hello Brian -

On Sat, 29 Apr 2000, Brian Keefe wrote:
> Which takes precedence?
>
> AuthByPolicy ContinueWhileReject
>
> or
>
> user1 User-Password="user1" Auth-Type="Reject:discontinued service"
>
>
> That is, if the Auth-Type for a user is Reject under a policy of
> ContinueWhileReject, does the user get rejected or does authentication
> continue?
>

The Auth-Type should take precedence. If it doesn't please let us know.

thanks

Hugh


--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.




===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Reply via email to