Hello all,
I am trying to take the username (including realm or not) that comes in
from the packet, strip the realm and then put on a new one based on the
radius client that is providing the packet. I have the following in a
client block:
<Client 127.0.0.1>
RewriteUsername s/^([^@]+).*/$1/
Secret mysecret
PreHandlerHook sub { ${$_[0]}->change_attr('Realm','home'); \
my $request = ${$_[0]}; \
my $attrref = $request->{Attributes}; \
my @attr = @$attrref; \
foreach (@attr) { \
my @attr2 = @$_; \
my $attr3; \
foreach $attr3 (@attr2) { \
print "attribute is '$attr3'\n"; \
}\
}\
}
</Client>
Mostly, what happens is I try and use the 'change_attr' method to change
the realm from whatever it was to 'home'. However, when I tried then
using a <Handler Realm = home> block, it never noticed the new realm,
and continued with the old realm as per the following log file segment:
attribute is 'User-Name'
attribute is 'hamlin'
attribute is 'Service-Type'
attribute is 'Framed-User'
attribute is 'NAS-IP-Address'
attribute is '203.63.154.1'
attribute is 'NAS-Port'
attribute is '1234'
attribute is 'Called-Station-Id'
attribute is '123456789'
attribute is 'Calling-Station-Id'
attribute is '987654321'
attribute is 'NAS-Port-Type'
attribute is 'Async'
attribute is 'Framed-IP-Address'
attribute is '255.255.255.254'
attribute is 'User-Password'
attribute is 'ϸfß5pö¼8 Ø}x'
attribute is 'Realm'
attribute is 'home'
Wed Jul 11 10:45:34 2001: DEBUG: Packet dump:
*** Received from 65.13.83.72 port 1027 ....
Code: Access-Request
Identifier: 124
Authentic: 1234567890123456
Attributes:
User-Name = "[EMAIL PROTECTED]"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Port = 1234
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
NAS-Port-Type = Async
Framed-IP-Address = 255.255.255.254
User-Password =
"<207><184>f<154><223>5p<246><188>8<9><160><216>}x<153>"
Wed Jul 11 10:45:34 2001: DEBUG: Rewrote user name to hamlin
Wed Jul 11 10:45:34 2001: DEBUG: Check if Handler Realm = home should be
used to handle this request
Wed Jul 11 10:45:34 2001: DEBUG: Check if Handler should be used to
handle this request
Wed Jul 11 10:45:34 2001: DEBUG: Handling request with Handler ''
Wed Jul 11 10:45:34 2001: DEBUG: Deleting session for
[EMAIL PROTECTED], 203.63.154.1, 1234
As you can see, when printing out attributes, it shows the Realm to be
'home', and later when doing the packet dump, the username is
[EMAIL PROTECTED] as it was sent from the radius client. Maybe this is
not possible, which would be OK I have other ideas to work around it.
But now I'm curious.
Griff Hamlin, IIII
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.