List: sr-dev
Subject: [Serdev] auth_radius lack of documentation and behaviour issue
From: reticent <tavis.lists () galaxytelecom ! net>
Date: 2005-08-29 20:55:01
Message-ID: 43137625.2080609 () galaxytelecom ! net
I just wanted to mention my experiences with auth_radius because of the
difficulties I had with it.
The main issue was with the documentation, one section in particular:
"Before sending the request to the radius server we perform some sanity
checks over the credentials to make sure that only well formed
credentials will get to the server".
This is a heck of a lot more substantial than it sounds; I think it would
be really helpful to document exactly what "sanity checks" are performed.
In my case I was having a problem because my test UACs were interacting
with "dev1.domain.com" and I was using a:
--
if ( !radius_proxy_authorize("domain.com") )
{
    proxy_challenge("domain.com", "1");
}
--
stanza in the authorization section of my ser config. This fails
because the credentials realm is different from the URI host. I'm using
this config because my clients will be referencing my server using
different domain names; however, I want the authentication database to be
domain agnostic.
The second issue is that the auth_radius module doesn't alter its logic
when it's given a domain to compare against and skip or alter the
"Credentials vs URI HOST" check.
I was using this same logic with auth_db without issue.
Anyways, I suppose it's a feature, but it sure caused me a lot of grief
until I figured out what was happening =D and I'm still unsure as to
how I can emulate the old behaviour, as it is ideal in my situation.
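
Added example, not part of the original message and not auth_radius code: a small diagnostic that parses a captured Digest credential and reports whether its realm equals the host of the digest URI, which is the mismatch the message describes. The header values are constructed, and the comparison itself is an assumption taken from the poster's description, not from the module's documentation.

```python
import re

# key=value pairs of a Digest credential; values may be quoted or bare.
_PARAM = re.compile(r'(\w+)\s*=\s*(?:"([^"]*)"|([^\s,]+))')

# Constructed sample: realm from proxy_challenge("domain.com", "1"),
# request sent by a UAC that addresses the proxy as dev1.domain.com.
SAMPLE = ('Digest username="alice", realm="domain.com", nonce="430f9a2b", '
          'uri="sip:dev1.domain.com", '
          'response="6629fae49393a05397450978507c4ef1", algorithm=MD5')

# Constructed sample where realm and URI host agree.
MATCHING = ('Digest username="alice", realm="dev1.domain.com", '
            'nonce="430f9a2b", '
            'uri="sip:alice@dev1.domain.com:5060;transport=udp", '
            'response="6629fae49393a05397450978507c4ef1"')


def parse_digest(header_value):
    """Return the parameters of a 'Digest ...' credential as a dict."""
    scheme, _, rest = header_value.strip().partition(" ")
    if scheme.lower() != "digest":
        raise ValueError("not a Digest credential")
    return {k.lower(): (q or u) for k, q, u in _PARAM.findall(rest)}


def sip_uri_host(uri):
    """Host part of a sip:/sips: URI, without user, port or parameters."""
    m = re.match(r"(?i)sips?:(?:[^@]*@)?(\[[^\]]+\]|[^:;?>]+)", uri)
    if not m:
        raise ValueError("not a SIP URI: %r" % uri)
    return m.group(1).lower()


def realm_matches_uri_host(header_value):
    """Assumed form of the check: realm must equal the digest URI host."""
    cred = parse_digest(header_value)
    if "realm" not in cred or "uri" not in cred:
        raise ValueError("credential lacks realm or uri")
    return cred["realm"].lower() == sip_uri_host(cred["uri"])


if __name__ == "__main__":
    for name, hdr in (("SAMPLE", SAMPLE), ("MATCHING", MATCHING)):
        cred = parse_digest(hdr)
        print(name, cred["realm"], sip_uri_host(cred["uri"]),
              "match" if realm_matches_uri_host(hdr) else "MISMATCH")
```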