ClearBox Server™ v1.2 Developer's Guide

RADIUS Packet Forwarding

Proxy forwarding of a RADIUS packet begins when the IRADIUSRealmStripping::RADIUSRealmStrip method sets its forwardPacket parameter to VARIANT_TRUE (see the RADIUS Authentication Packet Processing article).

When Proxy Manager receives a packet that should be forwarded to a target server, it first applies a policy (if the IRADIUSProxyPolicy interface is implemented): it calls IRADIUSProxyPolicy::GetAutorejectAttributes to get the AutoReject List, the attributes that must not be present in the packet being forwarded. If the packet contains any of these attributes, the user is rejected by ClearBox Server.

Next, IRADIUSProxyPolicy::GetReplaceAttributes is called to get from the server extension the list of attributes that should be added, replaced or changed in the original packet.

Once the packet has been modified, ClearBox Server obtains the secret shared with the target server, calling ICommonExtender::GetClientConnectionKey if the key is not yet in the cache maintained by ClearBox Server. If no key is found, the user is rejected when the packet is an Authentication-Request; otherwise a simple Accounting-Response is sent to the NAS.

The packet is then sent to the target server. If it is not sent successfully, it is resent several times at a set time interval (these parameters, including the address of the target server, are provided by IRADIUSRealmStripping::RADIUSRealmStrip). If all attempts to send the packet fail, the user is rejected.

When the response packet is received from the target server, a policy is applied to it (if the IRADIUSProxyPolicy interface is implemented): IRADIUSProxyPolicy::GetAutorejectAttributes is called to get the AutoReject List, the attributes that must not be present in the received packet. If the packet contains any of these attributes, the user is rejected by ClearBox Server.

Next, IRADIUSProxyPolicy::GetReplaceAttributes is called to get from the server extension the list of attributes that should be added, replaced or changed in the original response packet.

Finally, the response packet is sent to the client.
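The decision flow described above, modelled as an added example (not ClearBox Server code and not its COM interfaces). All type and function names, the attribute numbers and the target address are assumptions constructed for illustration, and the interval between resends is omitted.

```cpp
#include <functional>
#include <map>
#include <set>
#include <string>

// Illustrative model; every type and name here is an assumption, not a ClearBox Server interface.
enum class PacketType { AuthRequest, AcctRequest };
enum class Outcome { Forwarded, Rejected, SimpleAcctResponse };
using Attrs = std::map<int, std::string>;  // RADIUS attribute type -> value
struct Policy {                // what an IRADIUSProxyPolicy extension would supply
    std::set<int> autoReject;  // attributes that must not be present
    Attrs replace;             // attributes to add or replace
};

// False if an auto-reject attribute is present; otherwise applies the replacements.
bool applyPolicy(const Policy& p, Attrs& attrs) {
    for (const auto& kv : attrs)
        if (p.autoReject.count(kv.first)) return false;
    for (const auto& kv : p.replace) attrs[kv.first] = kv.second;
    return true;
}

struct Proxy {
    Policy policy;
    std::map<std::string, std::string> keyCache;                      // target -> shared secret
    std::function<bool(const std::string&, std::string&)> lookupKey;  // extension key callback
    std::function<bool(const Attrs&)> send;                           // one transmit attempt
    Outcome forward(PacketType type, Attrs& attrs, const std::string& target, int maxTries) {
        if (!applyPolicy(policy, attrs)) return Outcome::Rejected;  // policy runs first
        if (!keyCache.count(target)) {  // ask the extension only on a cache miss
            std::string key;
            if (!lookupKey(target, key))  // no secret: outcome depends on packet type
                return type == PacketType::AuthRequest ? Outcome::Rejected
                                                       : Outcome::SimpleAcctResponse;
            keyCache[target] = key;
        }
        for (int i = 0; i < maxTries; ++i)  // resend until one attempt succeeds
            if (send(attrs)) return Outcome::Forwarded;
        return Outcome::Rejected;  // every attempt failed
    }
};

int main() {  // constructed sample: no secret is known for the target, packet is accounting
    Proxy px;
    px.lookupKey = [](const std::string&, std::string&) { return false; };
    px.send = [](const Attrs&) { return true; };
    Attrs acct;
    acct[1] = "alice";
    return px.forward(PacketType::AcctRequest, acct, "10.0.0.5", 3) == Outcome::SimpleAcctResponse ? 0 : 1;
}
```

The same `applyPolicy` check applies to the response packet before it is returned to the client.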

See Also

Realms and packet forwarding


© 2001-2003 XPerience Technologies. www.xperiencetech.com
