
List:       freeradius-devel
Subject:    Re: h323-ivr-out
From:       Dean Anderson <dean () av8 ! com>
Date:       2002-01-31 21:26:51

Authentication (authenticate-only) just checks password and responds.
Authorization checks all the check attributes, and responds.

I don't think he can do what he is describing.


		--Dean

On Fri, 2 Nov 2001 aland@striker.ottawa.on.ca wrote:

>  radius@palosanto.com wrote:
> > Has anybody used h323-ivr-out in the Cisco-AVPairs? Is there
> > anything special that I have to do to use this attribute? My RADIUS
> > client is sending me this h323-ivr-out attribute. I must distinguish
> > the value of this attribute in order to know whether this is an
> > authentication or authorization request.
>
>  It should be treated just like any other attribute.
>
> > What I have in my users file is:
> >
> > user1        Password == \"password\", Cisco-AVPair=~\"h323-ivr-out=PATTERN1*\"
>
>   Why are you escaping the double quotes?
>
>   Also, the preprocess module *may* re-write the Cisco-AVPair
> attributes.  See 'with_cisco_vsa_hack' in raddb/radiusd.conf.  You
> probably want this set to 'no'.
>
> > Basically, what I want to do is send the first group of attributes
> > when the h323-ivr-out is something containing PATTERN1* and send the
> > second set of attributes if it is something like PATTERN2*. The
> > first group of attributes will be used for authentication and the
> > second for authorization. That is, my RADIUS client sends me
> > h323-ivr-out=PATTERN1* for authentication and h323-ivr-out=PATTERN2*
> > for authorization.
>
>   That's not the way I understand RADIUS to work.  RADIUS does NOT
> have a concept of 'authorization'.  It only knows about
> authentication.
>
>   Is the NAS actually sending two Access-Request packets?
>
> > What I get now is that the freeradius server sends the first group
> > of attributes first (the ones with the AVPair conditional list
> > PATTERN1) for authentication (which is ok) and then for
> > authorization it does not send the first group of attributes but
> > rather the second group again.
>
>   That doesn't make sense to me.  Isn't that what you wanted it to do?
>
>   Alan DeKok.
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/devel.html
>

