Hi,
I need to configure Radiator to allocate Dynamic IP's but we are already
using multiple AuthBy's with ContinueWhileReject. Our current handler
would be:
<Realm>
AuthByPolicy ContinueWhileReject
AuthBy LdapAuthenticator
AuthBy TooManyFail
</Realm>
Where if the request is rejected it will check the "TooManyFail" AuthBy
which connect the user in a walled garden if they have spammed too many
failed auths.
Now for DYNADDRESS we would need to use ContinueWhileAccept instead
which would break our current TooManyFail auth check:
<Realm>
AuthByPolicy ContinueWhileAccept
AuthBy LdapAuthenticator
<AuthBy DYNADDRESS>
AddressAllocator SQLAllocator
</AuthBy>
</Realm>
How would I go about implementing Dynamic IP allocation and a 2nd authby
to return a generic walled garden answer when they have too many
failures? I was thinking either:
1. Put a PostAuthHook or PostProcessingHook (not sure which) in our
current Realm which checks to see if the reply is an ACCEPT with no
Framed-IP-Address, and if so allocate a Dynamic IP. Would also require
config in accounting handler to deallocate IP.
2. Setup our realm as in the 2nd example and have a PostAuthHook or
PostProcessingHook which checks to see if the response is a REJECT. If
it is then check to see if they are in our 'badlist' and if so modify
the access response to an Accept with the walled garden attributes?
Are both of these 2 solutions valid? If so what are your thoughts on
the them - is one much better than the other? I have not implemented
any hooks so far (or any Perl programming for that matter) so any advice
and pointers appreciated.
Thanks.
Jim.
_______________________________________________
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator
