This tip is just for the archive and fyi, in the hopes that it might help
someone out.
You can get confusing results when using a configuration similar to the
following:
<AuthBy GROUP>
AuthByPolicy ContinueWhileReject
<AuthBy RADIUS>
...
</AuthBy>
<AuthBy RADIUS>
...
</AuthBy>
</AuthBy>
The AuthByPolicy docs say that each Auth will be tried in turn, according to
the Policy specified. The problem is that Radiator handles AuthBy RADIUS
differently than it does other AuthBys: it doesn't wait for the reply from
the proxy before moving on.
What we wanted was to proxy to one provider, and if they are rejected there,
try the other provider (we just acquired another ISP with a separate
authentication pool, etc). So what happened to us was that we got crazy,
intermingled results, like:
Code: Access-Accept
Identifier: 136
Authentic: 1234567890123456
Attributes:
Reply-Message = "Request Denied"
Service-Type = Framed-User
Framed-Protocol = PPP
Idle-Timeout = 1200
Crazy!
So anyway, the solution is to put to Synchronous flag in the first AuthBy
RADIUS, such as:
<AuthBy GROUP>
AuthByPolicy ContinueWhileReject
<AuthBy RADIUS>
Synchronous
...
</AuthBy>
<AuthBy RADIUS>
...
</AuthBy>
</AuthBy>
That does wonders.
Dave
:)
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
