Hello Matt -
No there is no limit to the number of Realms or Handlers, however Handlers
are evaluated individually in the order they appear in the configuration file.
(Realms are looked up directly in a table.)
The alternative is to run two levels of radius servers, the first one will
only match on "Called-Station-Id" and will proxy to another instance of
Radiator (either on this box or another box) which will then do the
distribution to the the various Realms. There is a special module in the
"goodies" directory to do exactly this, called "CalledStationId.pm". It is
used instead of a Realm or Handler, like this:
# define special clauses for Called-Station-Id
<CalledStationId 1111111>
.....
</CalledStationId>
<CalledStationId 2222222>
......
</CalledStationId>
.....
The CalledStationId.pm module must be copied into the "Radius" subdirectory
(and installed if required) to make it available for use.
Handlers are evaluated in the order they appear in the configuration file, so
you should have the most often used ones first and the less used ones towards
the end. The other thing to keep in mind is that the more specific Handlers
must appear *before* the more general ones so they get evaluated properly.
hth
Hugh
On Monday 17 September 2001 10:57, Matt Scifo wrote:
> Hugh,
>
> Is there a max number of handlers that I can have in a cfg? To implement
> two-stage proxy the way you suggested, I will end up having approx. 500
> handler clauses. Does the number of clauses in the cfg file effect the
> performance of radiator?
>
> Matt
>
> -----Original Message-----
> From: Hugh Irvine [mailto:[EMAIL PROTECTED]]
> Sent: Friday, September 14, 2001 2:01 AM
> To: Matt Scifo; [EMAIL PROTECTED]
> Subject: Re: (RADIATOR) Multiple realms in handler
>
>
>
> Hello Matt -
>
> On Friday 14 September 2001 10:32, Matt Scifo wrote:
> > Hello
> >
> > Can anyone tell me if this is possible to implement?
> >
> > Two-Stage Proxy
> > * All Requests initially parsed by Called-Station-Id
> > * Option of then parsing requests, within a single Realm to match a
> > set of criteria based on "@realm" username identifiers
> >
> > ---------------------------------------
> > #Use regexp for called-station-id
> > <Handler Called-Station-Id = /\d{4}$/>
> > #If user@realm1, then do this
> > <Realm realm1>
> > <AuthBy RADIUS>
> > Host host1
> > Secret secret1
> > </AuthBy>
> > </Realm>
> >
> > #If user@realm2, then do this
> > <Realm realm2>
> > <AuthBy RADIUS>
> > Host host2
> > Secret secret2
> > </AuthBy>
> > </Realm>
> >
> > #If user@realm3, then do this
> > <Realm realm3>
> > <AuthBy RADIUS>
> > Host host3
> > Secret secret3
> > </AuthBy>
> > </Realm>
> >
> > #If realm not found above
> > <Realm DEFAULT>
> > <AuthBy RADIUS>
> > Host host1
> > Secret secret1
> > </AuthBy>
> > </Realm>
> > </Handler>
>
> You will need to specify multiple Handlers, like this:
>
> <Handler Called-Station-Id = /\d{4}$/, Realm = realm1>
> .....
> </Handler>
>
> <Handler Called-Station-Id = /\d{4}$/, Realm = realm2>
> .....
> </Handler>
>
> <Handler Called-Station-Id = /\d{4}$/, Realm = realm3>
> .....
> </Handler>
>
> <Handler Called-Station-Id = /\d{4}$/>
> .....
> </Handler>
>
> regards
>
> Hugh
>
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on [EMAIL PROTECTED]
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
