Forum Discussion
jnantel
Nimbostratus
NimbostratusRADIUS iRule swam ps my RADIUS server
Seems like I am not getting any kind authentication caching with my iRULE. Each http object is generating a separate request to my radius server. My radius server in turn thinks it is under attack unl...
hoolio
Cirrostratus
CirrostratusHi,
Which LTM version are you running? I think one issue is that you're overwriting the same session table entry all of the time. Can you replace the HTTP_REQUEST and AUTH_SUCCESS code with this and retest?
when HTTP_REQUEST {
Check if a basic auth username and password were sent by client
if {[HTTP::username] ne "" and [HTTP::password] ne ""} {
Check if username/password are already in the session table
if {[session lookup uie [HTTP::username]] eq [HTTP::password]}{
Auth was already successful on previous request
log "HTTP_REQUEST adding header"
HTTP::header replace RADIUS_USER_NAME [HTTP::username]
} else {
Save the username and password for reference in the AUTH_ events
set user [HTTP::username]
set pass [HTTP::password]
log "HTTP_REQUEST do auth"
AUTH::username_credential $auth_sid [HTTP::username]
AUTH::password_credential $auth_sid [HTTP::password]
AUTH::authenticate $auth_sid
HTTP::collect
}
} else {
HTTP::respond 401
}
}
when AUTH_SUCCESS {
log "AUTH_SUCCESS start"
if {$auth_sid eq [AUTH::last_event_session_id]} {
Add the username and password to the session table for one hour
session add uie $user $pass 3600
HTTP::release
}
}
If you see any problems with that, can you uncomment/add log statements, reproduce the issue and then reply with the log output?
Thanks,
Aaron
