Hello Steve -
I think you have misunderstood my suggestion. Using an AuthBy SQLRADIUS
clause will not speed up proxy operation - this is determined by the length
of time a given proxy target takes to respond. You question was whether there
was some way to speed up the evaluation of a long list of Handlers based on
Called-Station-Id, and my suggestions were to investigate either the AuthBy
SQLRADIUS clause, or the CalledStationId.pm module (contained in the goodies
directory). You will have to do some testing to ascertain whether or not
either of these will speed up the overall operation. I suggest you try a
simple example using the default configuration to see how long it takes
compared to your current setup.
In answer to your questions below,
1. you can specify a default host in the AuthBy SQLRADIUS clause - this is
just a warning, not an error
yes you need to specify the database with the usual DBSource, DBUsername and
DBSource lines
For the other questions, I think you need to do the testing described above
first to see whether or not the idea is worth pursuing.
regards
Hugh
On Sat, 13 Apr 2002 02:11, Steve Katen wrote:
> maybe this isn't that creative, but i cannot seem to get the logic to
> work. I have an AUTHBY RADIUS that works perfectly. However, it is too
> slow. To make it faster Hugh told me to try the AUTHBY SQLRADIUS idea, and
> so here I am.
>
> I need an AUTHBY SQLRADIUDS / HostSelect that will be able to handle the
> AUTHBY RADIUS below:
>
> <AuthBy RADIUS>
> Identifier CheckRemoteRadius
> IgnoreAccounting
> IgnoreReplySignature
> ServerHasBrokenAddresses
> RejectEmptyPassword
> NoForwardAccounting
> NoDefault
>
> #USERNAME = username
> #PASSWORD = password
> <Host xxx.xxx.xxx.xxx>
> Secret xxxx
> AuthPort 1812
> Retries 3
> RetryTimeout 20
> </Host>
> # FAILOVER SERVER
> <Host xxx.xxx.xxx.xxx>
> Secret xxxx
> AuthPort 1812
> Retries 3
> RetryTimeout 20
> </Host>
> ReplyHook
> file:"/usr/local/radiator/hooks/AllocateIPAddressOnReplyFromProxy" # FILTER
> NAME: STATIC-ALLOW
> AllowInReply
> Framed-IP-Address,Session-Timeout,Ascend-Data-Filter,Idle-Timeout
> AddToReply
> Service-Type=Framed-User,Framed-Protocol=PPP,Framed-Netmask=255.255.255.255
> </AuthBy>
>
> I have been able to get some information from the radiator documentation
> and I have gotten this far:
>
> <AuthBy SQLRADIUS>
> Identifier CheckRemoteRadius
> IgnoreAccounting
> IgnoreReplySignature
> ServerHasBrokenAddresses
> RejectEmptyPassword
> NoForwardAccounting
> NoDefault
> NumHosts 4
> HostSelect select TARGET_%0_AUTH, SHARED_SECRET, PORT, RETRIES,
> TIMEOUT from PROXY2 where TARGET_%0_AUTH<>"" and DNIS=
> substring('%{Called-Station-Id',7,4) and REALM='' and STATUS=1;
> replyHook
> file:"/usr/local/radiator/hooks/AllocateIPAddressOnReplyFromProxy"
> </AuthBy>
>
> However, I run across a couple problems:
> 1) When I restart radius I get this error: WARNING: No Hosts defined for
> Radius::AuthSQLRADIUS at /etc/radius.cfg line 120. Did I forget
> something? I am assuming I Need to tell the AUTHBY SQLRADIUS what database
> to use...
> 2) Can I dynamically load the IP address that is allocated based on the
> replyHook? Currently the IP address is allocated via the Handler. I need
> a way to pick the IP address out of different pools in the AUTHBY
> SQLRADIUS. 3) Can I dynamically load the AllowInReply and AddToReply
> attributes? As you see in the first AUTHBY RADIUS the attributes are
> there. However, in the AUTHBY SQLRADIUS they are not. They would need to
> be assigned by the DNIS.
>
> Any help would be greatly appreciated.
>
> katen
>
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on [EMAIL PROTECTED]
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
