Hello Matt, Hello Steve -
Thanks for sending the files. The problem you have with the two Access-Accepts is because you have specified "NoForwardAuthentication" in the second AuthBy RADIUS clause. This will cause this AuthBy to always Accept any authentication request. This is not what you need - you should use "IgnoreAuthentication" instead (see section 6.29.11 in the manual). I apologise for not seeing this sooner. BTW - as has been mentioned in another posting you should consider using the AuthBy SQLRADIUS clause to manage large numbers of Called-Station-Id's. BTW2 - you should also consider running two instances of Radiator - one for authentication and the other for accounting - it will make your configuration files much simpler. regards Hugh On Tue, 8 Jan 2002 10:17, Matt Scifo wrote: > Hugh > > We have had some confusion regarding issuing dynamic ip's when using > AuthbyRADIUS in a proxy situation. We understand that once an > AuthbyRADIUS clause is processed, it returns immediatly to the nas > without waiting for a reply from the proxy server. In order to issue a > dynamic ip in this situation, either Synchronous mode or a ReplyHook > must be used according to the manual. Synchronous mode can severely > impact performance, even when specifying Fork. Our setup includes well > over a 100 handlers which are used based on called-station-id and/or > realm. We setup our handlers to use a ReplyHook instead of Synchronous > mode to assign a dynamic ip back to the nas. However, when using a > ReplyHook, an ip never gets sent back to the nas successfully. The > attached debug file (replyhook_example.log) shows that as soon as > AuthbyRADIUS sends the Access-Request to the proxy server, an > Access-Accept is sent back to our nas containing no attributes, even > with the ReplyHook. The nas then authenticates the user but assigns > them an IP of 0.0.0.0 and kicks him a few seconds later. As soon as the > proxy server responds, another response is sent to the nas with the > correct attributes, including the IP taken from our SQLAllocator, but is > dismissed by the nas because it already received a repsonse regarding > that session. > > Isn't the ReplyHook supposed to allow a dynamic IP to be sent back to > the nas even though the AuthbyRADIUS clause returns immediately? How is > it supposed to work? > > We then enabled Synchronous mode and everything worked fine. Radiator > waited for a response from the proxy server before sending a dynamic IP > with the reply back to the nas as shown in the attached debug file > (sync_example.log). However, using a ReplyHook is supposed to > circumvent the need to use Synchronous mode and still maintain the > ability to assign dynamic ip's. > > Also attached is our radius.cfg. Are we implementing the ReplyHook > (AllocateIPAddressOnReplyFromProxy taken from goodies/hooks.txt) > incorrectly? Can our needs be met without using Synchronous/Fork mode? > > Thanks > > Matt -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.