3.54.1. HostSelect Previous topic Parent topic Child topic Next topic

This parameter defines the SQL statement that is run to determine the details of the target RADIUS server. It is run for each request that is handled by the AuthBy. If no reply is received by the target RADIUS server for a given request, it is rerun to find a secondary server, and so on until either HostSelect returns no more rows, or the number of times exceeds NumHosts.
If HostSelect returns no rows, and if <AuthBy SQLRADIUS> contains <Host xxxxxx> clauses, then the request is proxied according to the <Host> clauses in order, the same as with <AuthBy RADIUS>. This is a useful catchall for unknown realms, and could be used to proxy to a GoRemote (GRIC) server or similar.
HostSelect is expected to return at least the target host name/address and the shared secret in that order. Optionally, you can also fetch a number of other columns to control the proxying process, including RetryCount, target ports and such. The columns fetched by HostSelect are used to determine the following <AuthBy RADIUS> Host parameters in this order. Any column that is NULL is ignored.
  • Target host name or IP address
  • Secret
  • AuthPort
  • AcctPort
  • Retries
  • RetryTimeout
  • UseOldAscendPasswords
  • ServerHasBrokenPortNumbers
  • ServerHasBrokenAddresses
  • IgnoreReplySignature
  • Failure policy
    This is an integer in the range 0 to 4 inclusive that indicates what sort of reply to send to the NAS in the event that proxying fails. You can use this to determine how to handle the failure of a downstream RADIUS server. The integers mean the following replies:
    • 0: ACCEPT
    • 1: REJECT
    • 2: IGNORE
    • 3: CHALLENGE
  • FailureBackoffTime
  • MaxFailedRequests
  • MaxFailedGraceTime
For more information about how these attributes are used to control proxying, see Section 3.37. <Host xxxxxx> within <AuthBy RADIUS>.
HostSelect can contain any of the special characters. For more information, see Section 3.1. Special characters. Also, %0 is replaced by the current host counter for this request. The counter starts with the value of StartHost which defaults to 1. You can therefore use %0 to select a different column each time HostSelect is run. %1 is replaced with SQL quoted realm.
The default value is:
HostSelect select HOST%0, SECRET, AUTHPORT, ACCTPORT,\
RETRIES, RETRYTIMEOUT, USEOLDASCENDPASSWORDS, \
SERVERHASBROKENPORTNUMBERS,SERVERHASBROKENADDRESSES, \
IGNOREREPLYSIGNATURE, FAILUREPOLICY from RADSQLRADIUS \
where TARGETNAME=%1
The default value works with the example tables supplied in goodies/*.sql. Note that this allows for up to 2 target hosts per Realm, primary and secondary, and that the Realm to match goes in the TARGETNAME column.
Note
Details about failure history, backoff times and such are cached within Radiator memory, not in the SQL database.

Example

If you have a simple SQL table with one target host per Realm, <AuthBy SQLRADIUS> contains:
HostSelect select HOST%0, SECRET, AUTHPORT, ACCTPORT, RETRIES,\
RETRYTIMEOUT, USEOLDASCENDPASSWORDS, \
SERVERHASBROKENPORTNUMBERS, SERVERHASBROKENADDRESSES, \
IGNOREREPLYSIGNATURE, FAILUREPOLICY from RADSQLRADIUS where TARGETNAME=?
HostSelectParam %1
NumHosts 1

Example

If you want to choose the target RADIUS server based on Called- Station-Id and Realm, and multiple Called-Station-Ids can map to the same target RADIUS servers, and if the target has a primary and a secondary RADIUS server, you can use the example RADSQLRADIUS and RADSQLRADIUSINDIRECT tables, plus an <AuthBy SQLRADIUS> containing:
HostSelect select R.HOST%0, R.SECRET, R.AUTHPORT, \
R.ACCTPORT, R.RETRIES, R.RETRYTIMEOUT, \
R.USEOLDASCENDPASSWORDS, R.SERVERHASBROKENPORTNUMBERS, \
R.SERVERHASBROKENADDRESSES, R.IGNOREREPLYSIGNATURE, \
R.FAILUREPOLICY from RADSQLRADIUS R, RADSQLRADIUSINDIRECT I \
where I.SOURCENAME=? and I.TARGETNAME=R.TARGETNAME
HostSelectParam %{Called-Station-Id}
NumHosts 2