Hello -

You don’t have to do anything - the second AuthBy RADIUS clause will send the reply to the NAS.

If you want to do more than that you will also need a ReplyHook in the second AuthBy RADIUS clause.

regards

Hugh

> On 18 Jan 2016, at 18:15, SinTeZ Wh1te <sintezwh...@gmail.com> wrote:
>
> Hello Hugh!
>
> > Again note that your hook code will not see the result of the second AuthBy RADIUS clause.
>
> If the hook code does not see the result, how can I check what I received in the reply from the second RADIUS server?
>
> What my boss needs:
> 1) NAS sends Access-Request to Radiator
> 2) Radiator re-sends Access-Request to primary RADIUS server
> 3) If primary server replies Access-Reject with attribute Reply-Message = 1, Radiator re-sends Access-Request to secondary RADIUS server. If Reply-Message > 1 - send Access-Reject to NAS.
> 4) After secondary server replies - Radiator sends reply to NAS
>
> Does a reply hook do it?
>
> 2016-01-15 1:42 GMT+03:00 Hugh Irvine <h...@open.com.au>:
>
> Hello -
>
> The first thing to understand is that the AuthBy RADIUS clause(s) operate asynchronously.
>
> The hook code in your first AuthBy RADIUS clause will only execute when the response is received for that clause.
>
> When the hook code calls the second AuthBy RADIUS clause it will exit without waiting.
>
> As shown in the example, your hook code needs to alter the response.
>
> In this case you would change the response to IGNORE which will allow the second AuthBy RADIUS clause to execute and return its result.
>
> …..
>
> $op->{RadiusResult} = $main::IGNORE;
>
> …..
>
> Again note that your hook code will not see the result of the second AuthBy RADIUS clause.
>
> hope that helps
>
> regards
>
> Hugh
>
> > On 14 Jan 2016, at 23:34, SinTeZ Wh1te <sintezwh...@gmail.com> wrote:
> >
> > Thanks Hugh and Heikki!!!
> >
> > How can I get the RADIUS reply packet from the secondary server in the hook script???
> > Radiator sends Access-Reject before the secondary server replies.
> >
> > radius.cfg
> > ...................
> > <AuthBy RADIUS>
> >     Identifier Primary
> >     Host 10.0.6.151
> >     Secret 123456
> >     AuthPort 1812
> >     AcctPort 1813
> >     ReplyHook file:"/etc/radiator/AccessReject"
> > </AuthBy>
> >
> > <AuthBy RADIUS>
> >     Identifier Secondary
> >     Host 10.0.6.152
> >     Secret 123456
> >     AuthPort 1812
> >     AcctPort 1813
> > </AuthBy>
> >
> > <Handler>
> >     AuthBy Primary
> > </Handler>
> > ...................
> >
> > /etc/radiator/AccessReject
> > ...................
> > sub
> > {
> >     my $p = ${$_[0]};   # proxy reply packet
> >     my $rp = ${$_[1]};  # reply packet to NAS
> >     my $op = ${$_[2]};  # original request packet
> >     my $sp = ${$_[3]};  # packet sent to proxy
> >
> >     my $code = $p->code;
> >     &main::log($main::LOG_DEBUG, "Code = $code");
> >     return unless $code eq 'Access-Reject';
> >
> >     if($code eq 'Access-Reject'){
> >         my $authby = Radius::AuthGeneric::find('Secondary');
> >         if (defined $authby)
> >         {
> >             &main::log($main::LOG_DEBUG, "========= HANDLE_REQUEST===========");
> >             my ($rc, $reason) = $authby->handle_request($op, $rp);
> >             &main::log($main::LOG_DEBUG, "========= RC =========== $rc");
> >             &main::log($main::LOG_DEBUG, "========= REASON =========== $reason");
> >             if ($rc == 2)
> >             {
> >                 &main::log($main::LOG_DEBUG, "========= ACCEPT ===========");
> >             }
> >             else
> >             {
> >                 &main::log($main::LOG_DEBUG, "========= REJECT ===========");
> >             }
> >         }
> >         return;
> >     }
> > }
> > ...................
> >
> > radiator log
> > -------------------
> > Thu Jan 14 15:22:08 2016: DEBUG: Packet dump:
> > *** Received from 10.0.6.13 port 57565 ....
> > Code: Access-Request
> > Identifier: 0
> > Authentic: 1452774130
> > Attributes:
> >     User-Name = "testcoa10"
> >     User-Password = C<143>a<151>S<184>6g<9><5>:<191>i<244>O3
> >     NAS-IP-Address = 10.0.6.13
> >     NAS-Port = 1
> >     NAS-Port-Id = "123"
> >     Service-Type = Framed-User
> >     Framed-Protocol = PPP
> >     Acct-Session-Id = "1"
> >     Calling-Station-Id = "0800.2727.0575"
> >
> > Thu Jan 14 15:22:08 2016: DEBUG: Handling request with Handler '', Identifier ''
> > Thu Jan 14 15:22:08 2016: DEBUG: Deleting session for testcoa10, 10.0.6.13, 1
> > Thu Jan 14 15:22:08 2016: DEBUG: Handling with Radius::AuthRADIUS
> > Thu Jan 14 15:22:08 2016: DEBUG: AuthBy RADIUS creates new local socket '0.0.0.0:0' for sending requests
> > Thu Jan 14 15:22:08 2016: DEBUG: Packet dump:
> > *** Sending to 10.0.6.151 port 1812 ....
> > Code: Access-Request
> > Identifier: 1
> > Authentic: 1452774130
> > Attributes:
> >     User-Name = "testcoa10"
> >     User-Password = C<143>a<151>S<184>6g<9><5>:<191>i<244>O3
> >     NAS-IP-Address = 10.0.6.13
> >     NAS-Port = 1
> >     NAS-Port-Id = "123"
> >     Service-Type = Framed-User
> >     Framed-Protocol = PPP
> >     Acct-Session-Id = "1"
> >     Calling-Station-Id = "0800.2727.0575"
> >
> > Thu Jan 14 15:22:08 2016: DEBUG: AuthBy RADIUS result: IGNORE,
> > Thu Jan 14 15:22:09 2016: DEBUG: Received reply in AuthRADIUS for req 1 from 10.0.6.151:1812
> > Thu Jan 14 15:22:09 2016: DEBUG: Packet dump:
> > *** Received from 10.0.6.151 port 1812 ....
> > Code: Access-Reject
> > Identifier: 1
> > Authentic: <155><2><181><187><19>'<218><220>tK[\<224><137>,<194>
> > Attributes:
> >     Reply-Message = "1"
> >
> > Thu Jan 14 15:22:09 2016: DEBUG: Code = Access-Reject
> > Thu Jan 14 15:22:09 2016: DEBUG: ========= HANDLE_REQUEST===========
> > Thu Jan 14 15:22:09 2016: DEBUG: Handling with Radius::AuthRADIUS
> > Thu Jan 14 15:22:09 2016: DEBUG: Packet dump:
> > *** Sending to 10.0.6.152 port 1812 ....
> > Code: Access-Request
> > Identifier: 1
> > Authentic: 1452774130
> > Attributes:
> >     User-Name = "testcoa10"
> >     User-Password = C<143>a<151>S<184>6g<9><5>:<191>i<244>O3
> >     NAS-IP-Address = 10.0.6.13
> >     NAS-Port = 1
> >     NAS-Port-Id = "123"
> >     Service-Type = Framed-User
> >     Framed-Protocol = PPP
> >     Acct-Session-Id = "1"
> >     Calling-Station-Id = "0800.2727.0575"
> >
> > Thu Jan 14 15:22:09 2016: DEBUG: ========= RC =========== 2
> > Thu Jan 14 15:22:09 2016: DEBUG: ========= REASON ===========
> > Thu Jan 14 15:22:09 2016: DEBUG: ========= ACCEPT ===========
> > Thu Jan 14 15:22:09 2016: INFO: Access rejected for testcoa10: 1
> > Thu Jan 14 15:22:09 2016: DEBUG: Packet dump:
> > *** Sending to 10.0.6.13 port 57565 ....
> > Code: Access-Reject
> > Identifier: 0
> > Authentic: <175><159>4<197>i<159><11><252>}<247><174>[Cn<138><3>
> > Attributes:
> >     Reply-Message = "Request Denied"
> >
> > Thu Jan 14 15:22:09 2016: DEBUG: Received reply in AuthRADIUS for req 1 from 10.0.6.152:1812
> > Thu Jan 14 15:22:09 2016: DEBUG: Packet dump:
> > *** Received from 10.0.6.152 port 1812 ....
> > Code: Access-Accept
> > Identifier: 1
> > Authentic: T<10><218>9<16>F<167>A<168><127><187><20><9>!Q<127>
> > Attributes:
> >     Acct-Interim-Interval = 300
> >     Framed-IP-Address = 192.168.0.203
> >
> > Thu Jan 14 15:22:09 2016: INFO: Access rejected for testcoa10: Proxied
> > Thu Jan 14 15:22:09 2016: DEBUG: Packet dump:
> > *** Sending to 10.0.6.13 port 57565 ....
> > Code: Access-Reject
> > Identifier: 0
> > Authentic: <149><142><227>Y<252>N<137>w<167><194>a<1>e<253>Kl
> > Attributes:
> >     Reply-Message = "Request Denied"
> >     Acct-Interim-Interval = 300
> >     Framed-IP-Address = 192.168.0.203
> > -------------------------------------
> >
> >
> > 2016-01-13 1:18 GMT+03:00 Hugh Irvine <h...@open.com.au>:
> >
> > Hello -
> >
> > See the example in “goodies/hooks.txt” in the Radiator 4.15 distribution.
> >
> > regards
> >
> > Hugh
> >
> >
> > > On 12 Jan 2016, at 18:52, SinTeZ Wh1te <sintezwh...@gmail.com> wrote:
> > >
> > > Hello!
> > >
> > > I want to know if it's possible to proxy auth requests in a redundant fashion.
> > >
> > > On each request, I want to proxy it to a primary server; if it succeeds, then move on.
> > > If the auth fails (Access-Reject), I need to proxy Access-Request to a secondary server
> > >
> > > Is it possible?
> > >
> > > Thanks!
> > > _______________________________________________
> > > radiator mailing list
> > > radiator@open.com.au
> > > http://www.open.com.au/mailman/listinfo/radiator
> >
> > --
> >
> > Hugh Irvine
> > h...@open.com.au
> >
> > Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER, SIM, etc.
> > Full source on Unix, Linux, Windows, MacOSX, Solaris, VMS, NetWare etc.
> >
> > --
> > Best regards,
> > Александр Якунин
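
The debug log quoted in this thread shows the NAS receiving two replies for one request, the second an Access-Reject that carries Framed-IP-Address. The following is an added example (not code from the thread or from Radiator) that parses packet dumps in that log layout and flags both conditions; the function names, finding labels and the abridged sample log are constructed for illustration, and the set of attributes allowed in a reject follows RFC 2865's attribute table.

```python
import re
HEAD = re.compile(r"^\*\*\* (Received from|Sending to) (\S+) port (\d+)")
FIELD = re.compile(r"^\s*([\w-]+)\s*([:=])\s*(.*)$")
REJECT_OK = {"Reply-Message", "Proxy-State"}  # RFC 2865 attribute table, Access-Reject
SAMPLE_LOG = """\
Thu Jan 14 15:22:08 2016: DEBUG: Packet dump:
*** Received from 10.0.6.13 port 57565 ....
Code:       Access-Request
Identifier: 0
Thu Jan 14 15:22:09 2016: DEBUG: Packet dump:
*** Sending to 10.0.6.13 port 57565 ....
Code:       Access-Reject
Identifier: 0
Thu Jan 14 15:22:09 2016: DEBUG: Packet dump:
*** Sending to 10.0.6.13 port 57565 ....
Code:       Access-Reject
Identifier: 0
    Reply-Message = "Request Denied"
    Framed-IP-Address = 192.168.0.203
"""  # constructed, abridged sample laid out like the debug log quoted in the thread

def parse_packets(text):
    packets, cur = [], None
    for line in text.splitlines():
        head, field = HEAD.match(line), FIELD.match(line)
        if head:
            packets.append(cur := {"dir": head[1], "peer": head.group(2, 3), "attrs": []})
        elif cur is not None and field and field[2] == ":":
            cur[field[1].lower()] = field[3]   # Code, Identifier, Authentic
        elif cur is not None and field:
            cur["attrs"].append(field[1])      # "Name = value" attribute line
        else:
            cur = None                         # any other line ends the dump
    return packets

def audit_nas_replies(text):
    gen, replies, findings = {}, {}, []
    for p in parse_packets(text):
        key = (p["peer"], p.get("identifier"))
        if p["dir"] == "Received from" and p.get("code") == "Access-Request":
            gen[key] = gen.get(key, 0) + 1     # Identifier values are reused over time
        elif p["dir"] == "Sending to" and key in gen:
            replies.setdefault((key, gen[key]), []).append(p)
    for (key, _), sent in replies.items():
        if len(sent) > 1:
            findings.append((key, "multiple-replies", [p.get("code") for p in sent]))
        extra = {a for p in sent if p.get("code") == "Access-Reject" for a in p["attrs"]}
        if extra - REJECT_OK:
            findings.append((key, "reject-with-extra-attrs", sorted(extra - REJECT_OK)))
    return findings
```

Run `audit_nas_replies` over the debug log after changing the hook: an empty list means every NAS request got a single reply and no Access-Reject carried attributes beyond those RFC 2865 permits.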