Re: (RADIATOR) forwarding Accounting & Authorization

Thu, 19 Oct 2000 03:12:10 -0700 


Hello Ricardo -

On Thu, 19 Oct 2000, Ricardo Sousa wrote:
> On Thu, Oct 19, 2000 at 07:57:22PM +1100, Hugh Irvine wrote:
> > 
> > Hello Ricardo -
> > 
> > Thanks for sending the company information.
> > 
> > > 
> > >    I have the following setup: We have our local users on LDAP and an
> > > accounting db using PostgresSQL. Recentely we had to integrate with another
> > > network and need to forward requests to them. As there is no way to separate
> > > them I setup things like this
> > > 
> > > <Handler Request-Type = Accounting-Request >
> > >   AuthBy SQLAccounting
> > > </Handler>
> > > 
> > > <Handler>
> > >   <AuthBy GROUP>
> > >   AuthByPolicy ContinueWhileReject
> > >   AuthBy LDAPAuthentication
> > >   AuthBy remote
> > >   </AuthBy>
> > > </Handler>
> > > 
> > > The problem is that now, I need to forward the Accounting too.
> > > 
> > 
> > You can do it like this:
> Well, yes, that would work. Except that we just wanted to forward the 
Accounting for those who had been authenticated by remote. If we forward also
our traffic it will mess their statistics up. Do you see anyway of just
forwarding that accounting? The only way I see is to keep some sort of state
between the Auth-Request and the Acct-request, which wouldn't be so easy to
implement. > 

In that case, you would do this:

# configure AuthBy RADIUS for remote
# use Class attribute for accounting

<AuthBy RADIUS>
        Identifier remote
        Host ....
        Secret ....
        .....
        AddToReply Class = remote
</AuthBy>
        
<Handler Request-Type = Accounting-Request, Class = remote>
        AuthBy remote
</Handler>

<Handler Request-Type = Accounting-Request >
        AuthBy SQLAccounting
</Handler>

<Handler>
        AuthByPolicy ContinueWhileReject
        AuthBy LDAPAuthentication
        AuthBy remote
</Handler>

hth

Hugh

-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.



===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Reply via email to