Hi, today I tried to write an PreAuthHook, which checks the Calling-Station-ID. I have stored the telephonenumbers also in the database.
The idea to check the calling_station_id was to compare the calling_station_id from the user with the calling_station_ids from the database. If the calling_staton_id from the user don't match one number from the database, the hook change the password from the user and the normal following authentication fails/reject's the user. At first I tested the hook with radpwtst script. With the script the hook reject a user if the calling_station_id is wrong. So all was working fine. The next step was to test it with a real NAS. But with this test the hook didn’t work. In the debug log and the accounting data I can see if I change attributes but the NAS get always an Access-Accept. Must I use an other command the change attributes? I tried it with ${$_[0]}->change_attr('....') and with ${$_[1]}->change_attr('...') An other idea was the use a PostAuthHook and use the ${$_[1]}->set_code('Access-Reject'). But this solution also didn't work. Are there any bugs in the Radiator version 2.16, which damages the hook's? I looked in the history of the next versions but I can't find any relevant information’s. # # PreAuthHook for Radiator # # Check if the caller_id is ok and deny or permit the user # sub { my $request = ${$_[0]}; my $reply = ${$_[1]}; # Get Username and split it in username and realmname my($realmusername)=$request->getUserName(); my($username,$realmname)=$realmusername=~/^(.+?)@(.+?)$/; my($dialok)=1; # Get Calling-Station-Id if not exist quit my($calling_station_id)=$request->get_attr('Calling-Station-Id'); if(!$calling_station_id) { return(); } # get the caller_id from database if caller_id not exist quit my($authby_handle)= Radius::AuthGeneric::find('callerid'); my($query)= "select * from snapshot where loginname='$username' AND realmname='$realmname'"; my($sth)= $authby_handle->prepareAndExecute($query); my($val)=$sth->fetchrow_hashref(); if(!$val->{caller_id}) { return(); } # check if caller_id is ok my(@callerid)=split(/,/,$val->{caller_id}); $calling_station_id=~s/^0*//; foreach(@callerid) { $dialok=0; s/^0*//; if($_ eq $calling_station_id) { $dialok=1; last; } } # if wrong calling_station_id change the password if ( not $dialok ) { ${$_[0]}->change_attr('User-Password',"xxx"); ${$_[1]}->change_attr('User-Password',"xxx"); #$reply->set_code ('Access-Reject'); } === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.