[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [Help-gnu-radius] Thanks for your advices!
From: |
Gerald |
Subject: |
Re: [Help-gnu-radius] Thanks for your advices! |
Date: |
Mon, 15 Nov 2004 11:34:01 -0500 (EST) |
On Sat, 13 Nov 2004, Konst Konst wrote:
> Now, all works fine! A Mysql auth-tion return accepts and rejects.
> But! If Mysql will be "down" for some reasons, can I grant access at
> this time? Is it possible?
>From that beautiful manual that really does (or is supposed to) have all
the answers:
http://www.gnu.org/software/radius/manual/html_mono/radius.html#SEC20
Rules in an authentication list are ordered as follows: first go all the
profiles with the BEGIN label, followed by the profiles whose labels
match the User-Name literally, followed finally by the rules labeled
with the DEFAULT. (1)
Within each of the three sublists, the rules preserve the order in which
they appear in the `raddb/users' file. Once the list is constructed, it
is scanned sequentially until the rule is found whose LHS matches the
incoming request. If no such rule is found, the authentication fails.
Otherwise, the contents of its RHS are appended to the reply list being
constructed. If the RHS of the matched rule contains the attribute
Fall-Through with the value Yes, the matching continues. When the list
is exhausted, the authentication result is sent back to the NAS along
with the A/V pairs collected in the reply list.
Want your fall through to be something other than mysql, change mysql to
BEGIN and the put a default, or put two DEFAULT entries with the first
being mysql and the second being some other un/pw source.
Gerald