This tip is just for the archive and fyi, in the hopes that it might help
someone out.

You can get confusing results when using a configuration similar to the
following:

<AuthBy GROUP>

        AuthByPolicy    ContinueWhileReject

        <AuthBy RADIUS>
                ...
        </AuthBy>
        <AuthBy RADIUS>
                ...
        </AuthBy>

</AuthBy>

The AuthByPolicy docs say that each Auth will be tried in turn, according to
the Policy specified. The problem is that Radiator handles AuthBy RADIUS
differently than it does other AuthBys: it doesn't wait for the reply from
the proxy before moving on. 

What we wanted was to proxy to one provider, and if they are rejected there,
try the other provider (we just acquired another ISP with a separate
authentication pool, etc). So what happened to us was that we got crazy,
intermingled results, like:
        
        Code:       Access-Accept
        Identifier: 136
        Authentic:  1234567890123456
        Attributes:
                Reply-Message = "Request Denied"
                Service-Type = Framed-User
                Framed-Protocol = PPP
                Idle-Timeout = 1200

Crazy!

So anyway, the solution is to put the Synchronous flag in the first AuthBy
RADIUS, such as:

<AuthBy GROUP>

        AuthByPolicy    ContinueWhileReject

        <AuthBy RADIUS>
                Synchronous
                ...
        </AuthBy>
        <AuthBy RADIUS>
                ...
        </AuthBy>

</AuthBy>

That does wonders.

Dave
:)
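
An added example, not part of the original post or of Radiator itself: a small Python check that reads a Radiator-style configuration and reports any AuthBy RADIUS clause that is followed by another AuthBy inside an AuthBy GROUP using ContinueWhileReject but does not set Synchronous. The function names and the sample host names are assumptions made for illustration.

```python
import re

OPEN = re.compile(r"<AuthBy\s+(\w+)>")

# Constructed sample shaped like the first configuration in the post;
# the host names are placeholders.
BEFORE = """\
<AuthBy GROUP>
        AuthByPolicy    ContinueWhileReject
        <AuthBy RADIUS>
                Host provider-a.example
        </AuthBy>
        <AuthBy RADIUS>
                Host provider-b.example
        </AuthBy>
</AuthBy>
"""
# Same configuration with the fix from the post applied to the first proxy.
AFTER = BEFORE.replace("Host provider-a", "Synchronous\n                Host provider-a", 1)

def parse(text):
    """Build a tree of AuthBy clauses; each node records its parameters."""
    root = {"type": "ROOT", "params": {}, "children": [], "line": 0}
    stack = [root]
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = OPEN.fullmatch(line)
        if m:
            node = {"type": m.group(1), "params": {}, "children": [], "line": n}
            stack[-1]["children"].append(node)
            stack.append(node)
        elif line == "</AuthBy>":
            if len(stack) == 1:
                raise ValueError(f"line {n}: </AuthBy> without an opening clause")
            stack.pop()
        elif not line.startswith("<"):  # other nested clauses are ignored
            name, *rest = line.split(None, 1)
            stack[-1]["params"][name] = rest[0] if rest else ""
    return root

def unsynchronised_proxies(text, policy="ContinueWhileReject"):
    """Line numbers of non-final AuthBy RADIUS clauses lacking Synchronous."""
    found = []
    def walk(node):
        kids = node["children"]
        if node["type"] == "GROUP" and node["params"].get("AuthByPolicy") == policy:
            found.extend(k["line"] for k in kids[:-1]
                         if k["type"] == "RADIUS" and "Synchronous" not in k["params"])
        for k in kids:
            walk(k)
    walk(parse(text))
    return found
```

Run against the two sample configurations, it flags the first proxy clause in `BEFORE` and nothing in `AFTER`.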

===
Archive at http://www.starport.net/~radiator/