Hello John -
On Thu, 01 Jun 2000, [EMAIL PROTECTED] wrote:
> I don't know if I can do this ...
>
> I'm authorizing out of two databases, both dbs are in a single realm,
> and both dbs are in the same group.
>
> It's setup with AuthByPolicy of ContinueUntilAccept, the user could
> be in *either* db, therefore if it's rejected by the first db, and
> accepted by the second then an accept is sent to the NAS ... just
> the behavior I'm looking for ..
>
> If it's rejected by the first db, but accepted by the second, then an
> accept is sent to the NAS, any db accept sends an accept to the NAS ..
>
> Accounting is the problem. It looks like ContinueUntilAccept also
> means that the accounting records are only written to the first db
> and then stops (it's accepted!!), never to write accounting records
> to the second db.
>
> What I want is radiator to write accounting records to BOTH dbs ....
>
> So I tried ContinueAlways ........
>
> If I set AuthByPolicy to ContinueAlways, I get the correct Accounting
> record behavior (it writes to both databases) BUT auth fails in this
> manner: First db accepts user ... so far so good, next database rejects
> user (user was only in first db, not second) and a reject is sent to
> the NAS ... NOT what I want!
>
> So .. is there a way to get a accept sent to the NAS if the user is in
> only one of the two databases AND get radiator to write accounting
> records to BOTH databases?
>
Sure - easy. Do something like this:
# configuration to save accounting to two databases
# and authenticate from one or the other
<AuthBy SQL>
Identifier DatabaseOne
DBSource ....
DBUsername .....
DBAuth ....
....
</AuthBy>
<AuthBy SQL>
Identifier DatabaseTwo
DBSource ....
DBUsername .....
DBAuth ....
....
</AuthBy>
<Handler Request-Type = Accounting-Request>
AuthByPolicy ContinueAlways
AuthBy DatabaseOne
AuthBy DatabaseTwo
</Handler>
<Handler>
AuthByPolicy ContinueUntilAccept
AuthBy DatabaseOne
AuthBy DatabaseTwo
</Handler>
Note the usual caveats regarding not mixing Realms and Handlers. Note also that
the latest version of Radiator is 2.16 (Request-Type checking appeared in 2.15).
hth
Hugh
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
