Hello Atto -
You would simply use a regular expression like this: someuser Calling-Station-Id = /11223344|556677|889900|..../ regards Hugh On Sat, 12 Jan 2002 00:39, Atto Lorenz wrote: > The problem is, that I can define only one calling-station-id in the check > attributes. But the user is allowed to call from up to fife numbers. > > > -----Original Message----- > > From: Hugh Irvine [mailto:[EMAIL PROTECTED]] > > Sent: Friday, January 11, 2002 2:38 AM > > To: Atto Lorenz; [EMAIL PROTECTED] > > Cc: Atto Lorenz; [EMAIL PROTECTED] > > Subject: Re: (RADIATOR) problem with changing attributes during an > > PreAuthHook > > > > > > > > Hello Atto - > > > > Why don't you just use a check item in the user definition? > > > > someuser Calling-Station-Id = 11223344 > > > > Your AuthBy SQL clause would look something like this: > > > > <AuthBy SQL> > > ..... > > AuthSelect select PASSWORD, CHECKATTR, REPLYATTR \ > > from SUBSCRIBERS where USERNAME = '%n' > > AuthColumnDef 0, Password, check > > AuthColumnDef 1, GENERIC, check > > AuthColumnDef 2, GENERIC, reply > > ..... > > </AuthBy> > > > > BTW - the latest version of Radiator is 2.19 and you should > > really consider > > upgrading. > > > > Have a look at section 6.28 in the Radiator 2.19 reference manual. > > > > regards > > > > Hugh > > > > On Thu, 10 Jan 2002 20:31, Atto Lorenz wrote: > > > Hi, > > > > > > today I tried to write an PreAuthHook, which checks the > > > > Calling-Station-ID. > > > > > I have stored the telephonenumbers also in the database. > > > > > > The idea to check the calling_station_id was to compare the > > > calling_station_id from the user with the calling_station_ids from the > > > database. If the calling_staton_id from the user don't match one number > > > from the database, the hook change the password from the user and the > > > normal following authentication fails/reject's the user. > > > > > > At first I tested the hook with radpwtst script. With the > > > > script the hook > > > > > reject a user if the calling_station_id is wrong. So all was > > > > working fine. > > > > > The next step was to test it with a real NAS. But with this > > > > test the hook > > > > > didn’t work. In the debug log and the accounting data I can see > > > > if I change > > > > > attributes but the NAS get always an Access-Accept. > > > > > > Must I use an other command the change attributes? I tried it with > > > ${$_[0]}->change_attr('....') and with ${$_[1]}->change_attr('...') > > > > > > An other idea was the use a PostAuthHook and use the > > > ${$_[1]}->set_code('Access-Reject'). But this solution also didn't > > > work. > > > > > > Are there any bugs in the Radiator version 2.16, which damages > > > > the hook's? > > > > > I looked in the history of the next versions but I can't find > > > > any relevant > > > > > information’s. > > > > > > # > > > # PreAuthHook for Radiator > > > # > > > # Check if the caller_id is ok and deny or permit the user > > > # > > > sub > > > { > > > my $request = ${$_[0]}; > > > my $reply = ${$_[1]}; > > > > > > # Get Username and split it in username and realmname > > > my($realmusername)=$request->getUserName(); > > > my($username,$realmname)=$realmusername=~/^(.+?)@(.+?)$/; > > > my($dialok)=1; > > > > > > # Get Calling-Station-Id if not exist quit > > > > my($calling_station_id)=$request->get_attr('Calling-Station-Id'); > > > > > if(!$calling_station_id) > > > { > > > return(); > > > } > > > > > > # get the caller_id from database if caller_id not exist quit > > > my($authby_handle)= Radius::AuthGeneric::find('callerid'); > > > my($query)= "select * from snapshot where > > > > loginname='$username' AND > > > > > realmname='$realmname'"; > > > my($sth)= $authby_handle->prepareAndExecute($query); > > > my($val)=$sth->fetchrow_hashref(); > > > > > > if(!$val->{caller_id}) > > > { > > > return(); > > > } > > > > > > # check if caller_id is ok > > > my(@callerid)=split(/,/,$val->{caller_id}); > > > $calling_station_id=~s/^0*//; > > > foreach(@callerid) > > > { > > > $dialok=0; > > > s/^0*//; > > > if($_ eq $calling_station_id) > > > { > > > $dialok=1; > > > last; > > > } > > > } > > > > > > # if wrong calling_station_id change the password > > > if ( not $dialok ) { > > > ${$_[0]}->change_attr('User-Password',"xxx"); > > > ${$_[1]}->change_attr('User-Password',"xxx"); > > > #$reply->set_code ('Access-Reject'); > > > } > > > > > > === > > > Archive at http://www.open.com.au/archives/radiator/ > > > Announcements on [EMAIL PROTECTED] > > > To unsubscribe, email '[EMAIL PROTECTED]' with > > > 'unsubscribe radiator' in the body of the message. > > > > -- > > Radiator: the most portable, flexible and configurable RADIUS server > > anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. > > - > > Nets: internetwork inventory and management - graphical, extensible, > > flexible with hardware, software, platform and database independence. > > === > Archive at http://www.open.com.au/archives/radiator/ > Announcements on [EMAIL PROTECTED] > To unsubscribe, email '[EMAIL PROTECTED]' with > 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.