Hello Robert -
On Tue, 31 Aug 1999, Robert Mann wrote:
> This is the last portion of my config file. The result I am looking for is
> as follows.
>
> We want to authenticate until we have an accept. We have two ISP's so what
> happens is that we try to authenticate from the primary ISP's radius server
> first and if authentication fails then it moves to the second ISP's radius
> server and try's to pass there.
>
Thanks for this - the problem you are seeing has to do with the asynchronous
nature of AuthBy RADIUS processing which is handled differently to all the
other AuthBy's. Basically what happens is this: when a request is passed to an
AuthBy RADIUS clause, the request is proxied out to the remote radius server
and we return from that clause immediately and continue processing as much as
we can. Then when the remote radius response arrives, we continue at that
point. Now what you are seeing is that *both* remote requests are sent, and
whichever one responds first is the one that gets returned to the client (the
second one also gets returned to the client). This is clearly not what you want.
We have discussed this issue here a couple of times and at the moment it is not
clear what the best approach to take is. Does anyone else have any comments to
make on this topic?
thanks
Hugh
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
