El 10 Sep 2002 a las 9:27, Hugh Irvine escribió: > > Hello Mariano - > > The way that Radiator is designed allows you to specify a single AuthBy > clause and call it from multiple Handlers, using special characters for > the parameters, rather than specifying many different AuthBy clauses. > The special characters most often used are GlobalVars that have been > defined in the configuration file itself, or passed in from the command > line. But how could I parametrize them on a handler by handler basis within the same config file...
As far as I see, the "AuthBy <Identifier-name>" doesn't allow any parameters to be passed from the <Handler> to the <AuthBy>... or does it? What else (besides "Identifier") can I use in a %{Handler:name} within an AuthBy? What is the "scope" of GlobalVar and when are they set? That is, if I have the following: ====================================================== <Handler xxxx> Identifier foo DefineFormattedGlobalVar host abc AuthBy MyAuthby </Handler> <Handler yyyy> Identifier bar DefineFormattedGlobalVar host xyz AuthBy MyAuthby </Handler> <AuthBy Radius> Identifier MyAuthby Host %{GlobalVar:host} </AuthBy> ====================================================== Will it proxy to host abc if it comes from handler xxxx and to host xyz if it comes from handler yyyy? > > Note that for proxy radius targets, Radiator now supports the AuthBy > SQLRADIUS clause that allows you to maintain your target hosts in an SQL > database. > > regards > > Hugh > > > On Tuesday, September 10, 2002, at 06:16 AM, Mariano Absatz wrote: > > > El 6 Sep 2002 a las 9:42, Hugh Irvine escribió: > > > >> > >> Hello Mariano - > >> > >> I'm afraid I dont quite understand what you are wanting to do. > >> > >> Could you give me a bit more detail? > > Yup. > > > > I'm trying to generalize the way I write very similar proxies where > > maybe the only thing that > > changes is the proxied hosts/ports and where I log accounting > > failures... > > > > Since this stuff goes in a different <AuthBy Radius> (or <AuthBy > > LOADBALANCE> for that > > matter), I want to name (via "Identifier") each AuthBy and be able to > > recall that name within > > the AuthBy... > > > > In the manual (http://www.open.com.au/radiator/ref.html#pgfId=291148) I > > see that I can find > > out which client triggered a clause (%{Client:name}) and which handler > > did so > > (%{Handler:name}), but I might have several clients and several > > handlers going to the same > > AuthBy and the AuthBy itself would be the selector. > > > > Let's go by example... > > > > Suppose I currently have the following in my config file: > > > > =======================START OF (portion of) > > RADIUS.CFG====================== > > <AuthBy LOADBALANCE> > > Identifier Kind01 > > > > Retries 1 > > <Host 22.33.44.55> > > Secret aaaa > > AuthPort 1111 > > AcctPort 2222 > > </Host> > > <Host 22.33.44.66> > > Secret asdf > > AuthPort 2321 > > AcctPort 1234 > > </Host> > > > > AcctFailedLogFileName %L/ACCT-LOST/Kind01/%Y-%m-%d.log > > </AuthBy> > > > > <AuthBy LOADBALANCE> > > Identifier Kind02 > > > > Retries 3 > > <Host 22.33.44.55> > > Secret bbbb > > AuthPort 2231 > > AcctPort 2311 > > </Host> > > <Host 22.33.44.66> > > Secret qwert > > AuthPort 3333 > > AcctPort 4444 > > </Host> > > > > AcctFailedLogFileName %L/ACCT-LOST/Kind02/%Y-%m-%d.log > > </AuthBy> > > ========================END OF (portion of) > > RADIUS.CFG======================= > > > > > > > > > > > > I would like to change this to: > > > > > > ======================START OF (portion of) > > NEWRADIUS.CFG==================== > > <AuthBy LOADBALANCE> > > Identifier Kind01 > > > > include %D/Retries%{AuthName:Identifier}.cfg > > include %D/Hosts%{AuthName:Identifier}.cfg > > > > AcctFailedLogFileName %L/ACCT-LOST/%{AuthName:Identifier}/%Y-%m-%d.log > > </AuthBy> > > > > <AuthBy LOADBALANCE> > > Identifier Kind02 > > > > include %D/Retries%{AuthName:Identifier}.cfg > > include %D/Hosts%{AuthName:Identifier}.cfg > > > > AcctFailedLogFileName %L/ACCT-LOST/%{AuthName:Identifier}/%Y-%m-%d.log > > </AuthBy> > > =======================END OF (portion of) > > NEWRADIUS.CFG===================== > > > > ======================START OF RetriesKind01.cfg==================== > > Retries 1 > > =======================END OF RetriesKind01.cfg===================== > > > > ======================START OF HostsKind01.cfg==================== > > <Host 22.33.44.55> > > Secret aaaa > > AuthPort 1111 > > AcctPort 2222 > > </Host> > > <Host 22.33.44.66> > > Secret asdf > > AuthPort 2321 > > AcctPort 1234 > > </Host> > > =======================END OF HostsKind01.cfg===================== > > > > ======================START OF RetriesKind02.cfg==================== > > Retries 3 > > =======================END OF RetriesKind02.cfg===================== > > > > ======================START OF HostsKind02.cfg==================== > > <Host 22.33.44.55> > > Secret bbbb > > AuthPort 2231 > > AcctPort 2311 > > </Host> > > <Host 22.33.44.66> > > Secret qwert > > AuthPort 3333 > > AcctPort 4444 > > </Host> > > =======================END OF HostsKind02.cfg===================== > > > > > > > > Although this leads to a profussion of files, they are all parsed at > > startup and this allows > > me to modify things on a per AuthBy basis and keep it clean... Maybe > > give some people the > > possibility to edit some files and other people to edit other files... > > > > I might be dumb or crazy... but this kind of things helped me a lot in > > the past for keeping > > config files clean and ordered... > > > >> > >> thanks > >> > >> Hugh > >> > >> > >> On Friday, September 6, 2002, at 07:26 AM, Mariano Absatz wrote: > >> > >>> Hi Hugh, long time no see... > >>> > >>> I'm planning an installation with a bunch of front-end Radiator > >>> proxies > >>> (using <AuthBy LOADBALANCE>) to an(other) bunch of Radiator back-end > >>> servers > >>> that do the actual authentication against SQL servers. > >>> > >>> Now, the front-end farm has the "dispatching" intelligence and the > >>> back-end, > >>> the authentication intelligence... > >>> > >>> By "dispatching" I mean: > >>> "if it comes from such and such a NAS authenticate using of these > >>> back-end > >>> servers" > >>> "if the realm matches xxx authenticate against these bunch of > >>> back-ends" > >>> etc... > >>> > >>> I'm trying to generalize as much as possible and want to have short > >>> and > >>> easily manteinable config files, so I'm doing a bunch of identfied > >>> AuthBy's > >>> like this: > >>> > >>> <AuthBy LOADBALANCE> > >>> Identifier Kind01 > >>> > >>> include %{GlobalVar:ConfigDir}/RetriesKind01.cfg > >>> include %{GlobalVar:ConfigDir}/HostsKind01.cfg > >>> > >>> AcctFailedLogFileName %L/ACCT-LOST/Kind01/%Y-%m-%d.log > >>> </AuthBy> > >>> > >>> This would be the AuthBy to use for the "Kind01" kind of handlers... > >>> > >>> Is there a way to have a "per AuthBy" special that has the "AuthBy" > >>> Identfier? That is... a kind of "%{LocalVar:xxxx}" where the locality > >>> is wrt > >>> the AuthBy... > >>> > >>> Would %{Handler:Identifier} do that? or that would give me the > >>> Identifier of > >>> the Handler that called this AuthBy? > >>> > >>> Otherwise, would something along the lines of this work?: > >>> > >>> <AuthBy LOADBALANCE> > >>> DefineFormattedGlobalVar KIND Kind01 > >>> Identifier %{GlobalVar:KIND} > >>> > >>> include %{GlobalVar:ConfigDir}/Retries%{GlobalVar:KIND}.cfg > >>> include %{GlobalVar:ConfigDir}/Hosts%{GlobalVar:KIND}.cfg > >>> > >>> AcctFailedLogFileName %L/ACCT-LOST/%{GlobalVar:KIND}/%Y-%m-%d.log > >>> </AuthBy> > >>> > >>> <AuthBy LOADBALANCE> > >>> DefineFormattedGlobalVar KIND Kind02 > >>> Identifier %{GlobalVar:KIND} > >>> > >>> include %{GlobalVar:ConfigDir}/Retries%{GlobalVar:KIND}.cfg > >>> include %{GlobalVar:ConfigDir}/Hosts%{GlobalVar:KIND}.cfg > >>> > >>> AcctFailedLogFileName %L/ACCT-LOST/%{GlobalVar:KIND}/%Y-%m-%d.log > >>> </AuthBy> > >>> > >>> > >>> TIA. > >>> > >>> > >>> -- > >>> Mariano Absatz > >>> El Baby > >>> ---------------------------------------------------------- > >>> It said, "Insert disk #3," but only two will fit! > >>> > >>> > >>> === > >>> Archive at http://www.open.com.au/archives/radiator/ > >>> Announcements on [EMAIL PROTECTED] > >>> To unsubscribe, email '[EMAIL PROTECTED]' with > >>> 'unsubscribe radiator' in the body of the message. > >>> > >>> > >> > >> -- > >> Radiator: the most portable, flexible and configurable RADIUS server > >> anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. > >> - > >> Nets: internetwork inventory and management - graphical, extensible, > >> flexible with hardware, software, platform and database independence. > > > > > > === > > Archive at http://www.open.com.au/archives/radiator/ > > Announcements on [EMAIL PROTECTED] > > To unsubscribe, email '[EMAIL PROTECTED]' with > > 'unsubscribe radiator' in the body of the message. > > > > > > -- > Radiator: the most portable, flexible and configurable RADIUS server > anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. > - > Nets: internetwork inventory and management - graphical, extensible, > flexible with hardware, software, platform and database independence. -- Mariano Absatz El Baby ---------------------------------------------------------- Errors have been made. Others will be blamed. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.