Re: [Help-gnu-radius] Fall-Through and databases

[Luis Miguel Navas Santos]

Hi again,

I have just one more doubt. As you said if a request containing
Calling-Station-Id= "983333333" is received, the first one will be rejected
due to the different number when checking the "check attributes". But when
checking for the password, the database will retrieve 2 rows and, as I have
seen in the database code, it considers it an error. So the authentication
will fail because it can't find the password (although in fact the retrieved
passwords are the same).

Regards,
Luis Miguel Navas

----- Original Message ----- 
From: "Sergey Poznyakoff" <address@hidden>
To: "Luis Miguel Navas Santos" <address@hidden>
Cc: <address@hidden>
Sent: Wednesday, June 30, 2004 10:46 AM
Subject: Re: [Help-gnu-radius] Fall-Through and databases


> Luis Miguel Navas Santos <address@hidden> wrote:
>
> > This is a sample of the users file:
> >
> > userX        Password = "pwdX", Calling-Station-Id= "983222222",
> > Service-Type = Framed-User
> >                 Framed-IP-Address = 10.0.0.10,
> >                 Framed-IP-Netmask = 255.255.255.255,
> >                 Idle-Timeout = 3600,
> >                 Fall-Through = Yes
> >
> > userX        Password = "pwdX", Calling-Station-Id= "983333333",
> > Service-Type = Framed-User
> >                 Framed-IP-Address = 10.0.0.10,
> >                 Framed-IP-Netmask = 255.255.255.255,
> >                 Idle-Timeout = 3600,
> >                 Fall-Through = Yes
> >
>
> In both cases Fall-Through is not needed. GNU Radius always selects
> the best matching entry. So, if the request contains
> Calling-Station-Id= "983333333", radius will not even try the first entry.
>
> > My question is the following: Providing that the auth_query must return
just
> > ONE row, is it possible to use the Fall-Through attribute or is there
any
> > other mechanism to allow this behavior?
>
> Given what I said above, there should be no problem with it.
>
> Regards,
> Sergey