[rbak-nsp] CLIPS session in context depending on RADIUS

Arjan Van Der Oest Arjan at voiceworks.nl
Tue Dec 21 18:05:41 EST 2010


Stefano/David,

Many thanks. I've deleted some parts of the config and substituted the pieces of Stefano. And now it works. I'm not exacty sure what is the change that fixed it, I saved all previous configs so I'll do some rolling-back and forward tomorrow and see what fixed it.

For now I can go to sleep, peacefully... Lots to do and learn tomorrow, SEOS is a strange platform. Not sure wether I'm going to love or hate it <eg>...

Merry christmas and thank you.
-- 
Met vriendelijke groet,

Arjan van der Oest
Senior Network & Systems Engineer / Security Officer

Voiceworks BV - Editiestraat 29 - 1321 NG Almere
Mobile : (+31) (0)36 7600 197
Voiceworks winnaar Gouden FD Gazelle Award 2010 http://bit.ly/eksf8V

On 21Dec, 2010, at 23:10 , David Freedman wrote:

> I think what Stefano is trying to say, is that there is currently no way in
> a context of specifying that AAA should come from another context.
> 
> There is however a way of telling a context that it should refer the AAA to
> the settings in the global config (for instance, when the context itself is
> completely private and can't reach any AAA platforms of its own)
> In this case, you can have the AAA performed by the main box (global) and
> return the result to the asking context.
> 
> When you configure the AAA for the whole box (global) you can specify a
> context through which the settings and reachability will be taken, in most
> cases, your box is managed via the local context (or a dedicated management
> context) and the radius servers and routing will be set up here (since, you
> can't actually configure radius servers outside of a context, give it a try)
> 
> In Stefano's example, he is instructing you to point your user context
> (AUTHENTICATION) at "global" and to delegate that "global" uses the context
> called "local" for radius server settings and routing
> 
> 
> Dave.
> 
> On 21/12/2010 19:51, "Arjan Van Der Oest" <Arjan at voiceworks.nl> wrote:
> 
>> But all I'm able to configure global is a pointer to the local concept. There
>> is no AAA server configured in global config...
> 
> --
> 
> David Freedman
> Group Network Engineering
> 
> david.freedman at uk.clara.net
> Tel +44 (0) 20 7685 8000
> 
> Claranet Group
> 21 Southampton Row
> London - WC1B 5HA - UK
> http://www.claranet.com
> 
> Company Registration: 3152737 - Place of registration: England
> 
> All the information contained within this electronic message from Claranet
> Ltd is covered by the disclaimer at http://www.claranet.co.uk/disclaimer
> 
> 




More information about the redback-nsp mailing list