3.32.1. AuthByPolicy Previous topic Parent topic Child topic Next topic

This parameter allows you to control the behaviour of multiple AuthBy clauses inside this AuthBy GROUP. In particular, it allows you to specify under what conditions Radiator will try the next AuthBy clause. If you only have one AuthBy clause, AuthByPolicy is not relevant and is ignored.
Recall that for a single Realm, Handler or AuthBy GROUP, you can specify more than one AuthBy clause. The normal behaviour of Radiator is to try to authenticate with the first one. If that authentication method either Accepts or Rejects the request, then Radiator will immediately send a reply to the NAS. If on the other hand the AuthBy ignores the request, then the next one will be tried. That is the normal and default behaviour, but with AuthByPolicy, you can change it. The permissible values of AuthByPolicy are:
  • ContinueWhileIgnore
    This is the default. Continue trying to authenticate until either Accept, Challenge or Reject
  • ContinueUntilIgnore
    Continue trying to authenticate until Ignore
  • ContinueWhileAccept
    Continue trying to authenticate as long as it is Accepted
  • ContinueUntilAccept
    Continue trying to authenticate until it is Accepted
  • ContinueWhileChallenge
    Continue trying to authenticate as long as it is Challenged
  • ContinueUntilChallenge
    Continue trying to authenticate until it is Challenged
  • ContinueWhileReject
    Continue trying to authenticate as long as it is Rejected
  • ContinueUntilReject
    Continue trying to authenticate until it is Rejected
  • ContinueWhileAcceptOrChallenge
    Continue trying to authenticate as long as it is either Accepted or Challenged
  • ContinueUntilAcceptOrChallenge
    Continue trying to authenticate until it is either Accepted or Challenged
  • Anything else
    Always do every authentication method. Returns the result of the last one.
# Authenticate with SQL, but if they are rejected 
# fall back to a flat file
AuthByPolicy ContinueWhileReject
<AuthBy SQL>
      ....
</AuthBy>
<AuthBy FILE>
      ....
</AuthBy>
You should note that you can only have one AuthByPolicy parameter, and it applies to all the AuthBy clauses. You cant change it between one AuthBy clause and another.
Tip
ContinueUntilAcceptOrChallenge is the most useful one when using EAP requests in an AuthBy GROUP with multiple internal AuthBys.