Hello Claudio -
Please look at my example again:
sub
{
    my $p = ${$_[0]};     # original request packet
    my $rp = ${$_[1]};    # reply packet to NAS
    my $handled = $_[2];  # flag to indicate ACCEPT, REJECT or IGNORE

    # Only deal with authentication requests
    my $code = $p->code();
    return unless $code eq 'Access-Request';

    if (.....)
    {
        $$handled = $main::IGNORE;
        .....
    }
    return;
}

Note that $handled is passed as a reference to a variable, and to alter the contents of that variable you *must* use

    $$handled = $main::IGNORE;

regards
Hugh
PS - I know it is not obvious, so you should have a look at the code in "Radius/Handler.pm" to see what goes on.
PPS - the easiest way to see what is going on inside hooks is to add simple "print ...." statements, then run radiusd from the command line so you can see the output:
perl radiusd -foreground -log_stdout -trace 4 -config_file .....
On Monday, Sep 29, 2003, at 12:45 Australia/Melbourne, Claudio Lapidus wrote:
Hello Hugh
For the first case, I finally decided to flag the packet with a special
value (Timestamp=0) and trap it in a dedicated handler, it works a charm,
but the replies...
For the second case, yes you can use a PostAuthHook and alter the reply
to IGNORE.
Hmm, I must be missing something, I modified your example to work with accounting requests, but it should have worked the same, IMHO:
$ cat discard_response.pl
sub {
    use constant THRESHOLD => 0.3;

    my $p = ${$_[0]};     # original request packet
    my $rp = ${$_[1]};    # reply packet to NAS
    my $handled = $_[2];  # flag to indicate ACCEPT, REJECT or IGNORE

    # Only deal with accounting requests
    my $code = $p->code();
    return unless $code eq 'Accounting-Request';

    my $r = rand;
    if ($r < THRESHOLD) {
        $handled = $main::IGNORE;
        &main::log($main::LOG_DEBUG, "Response IGNORED");
    }
    return;
}
and the config is
Foreground
LogStdout
Trace 4

# this one works OK
PreClientHook file:"/export/home/radiator/discard_request.pl"

<Client 127.0.0.1>
    Secret secret
    NasType Cisco
    PreHandlerHook file:"/export/home/radiator/ciscoavpair.pl"
</Client>

<AuthBy INTERNAL>
    Identifier TheDropper
    DefaultResult IGNORE
</AuthBy>

<AuthBy SQL>
    Identifier Acct-Handler
    DBSource dbi:Pg:dbname=xxxxx
    DBUsername yyyyy
    DBAuth zzzzz
    FailureBackoffTime 30
    AccountingTable ACCOUNTING_CISCO
    AcctColumnDef NAS_IP_Address,NAS-IP-Address
    AcctColumnDef Cisco_NAS_Port,Cisco-NAS-Port
    # lots of column defs here...
    AcctFailedLogFileName /var/log/radiator_%d-%m-%Y_failed.log
</AuthBy SQL>

# Temp handler for traffic test
<Handler Timestamp=0>
    AuthBy TheDropper
</Handler>

# Main handler
<Handler Request-Type=Accounting-Request>
    # this is the one giving trouble...
    PostAuthHook file:"/export/home/radiator/discard_response.pl"
    AuthBy Acct-Handler
</Handler>
To test, I use
$ radpwtst -iterations 1 -s 127.0.0.1 -secret secret -noauth Timestamp=1234567890
sending Accounting-Request Start... OK
sending Accounting-Request Stop... OK
But the trace shows
...
Sun Sep 28 23:34:03 2003: DEBUG: Handling request with Handler 'Request-Type=Accounting-Request'
Sun Sep 28 23:34:03 2003: DEBUG: Adding session for mikem, 203.63.154.1, 1234
Sun Sep 28 23:34:03 2003: DEBUG: Handling with Radius::AuthSQL
Sun Sep 28 23:34:03 2003: DEBUG: Handling accounting with Radius::AuthSQL
Sun Sep 28 23:34:03 2003: DEBUG: do query is: 'insert into ACCOUNTING_CISCO (time_stamp,NAS_Port_Type,NAS_IP_Address,Calling_Station_Id,Acct_Status_Type,User_Name,Acct_Session_Id,Called_Station_Id,Service_Type,Acct_Delay_Time) values ('1234567890','Async','203.63.154.1','987654321','Start','mikem','00001234','123456789','Framed-User','0')':
Sun Sep 28 23:34:04 2003: DEBUG: Response IGNORED
Sun Sep 28 23:34:04 2003: DEBUG: Accounting accepted
Sun Sep 28 23:34:04 2003: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 33804 ....
Code: Accounting-Response
Identifier: 108
Authentic: <5>P<154><218><183><181><135><28>/.<140><142>77<251><250>
Attributes:
So the hook says it set the reply to IGNORE, but then the handler is accepting it anyway?
cl.
NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening?
-- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.
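
The difference between the two assignments discussed in this thread, shown as an added Perl example that is not part of the original messages or of Radiator's code. The run_handler caller and the ACCEPT/IGNORE constants are stand-ins assumed for illustration; only the hook bodies mirror the code quoted above.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Stand-in result codes, constructed for this example. Radiator defines
# its own values ($main::ACCEPT, $main::IGNORE, ...).
use constant { ACCEPT => 'ACCEPT', IGNORE => 'IGNORE' };

# Hook written like the quoted discard_response.pl: it assigns to the
# local copy of the reference, so the caller's variable is never touched.
my $broken_hook = sub {
    my $handled = $_[2];
    $handled = IGNORE;          # overwrites the lexical only
    return;
};

# Hook written like the example at the top of the reply: it dereferences
# before assigning, so the caller's variable changes.
my $fixed_hook = sub {
    my $handled = $_[2];
    $$handled = IGNORE;         # writes through the reference
    return;
};

# Hypothetical caller: models a handler that passes references to the
# request, the reply and its result variable, then acts on the result.
sub run_handler {
    my ($hook) = @_;
    my ($p, $rp) = ({ code => 'Accounting-Request' }, {});
    my $result = ACCEPT;        # what the AuthBy clause returned
    $hook->(\$p, \$rp, \$result);
    return $result;
}

printf "%-12s -> %s\n", 'broken hook', run_handler($broken_hook);
printf "%-12s -> %s\n", 'fixed hook',  run_handler($fixed_hook);
```

Only the second hook changes the value the caller sees, which matches the trace above: "Response IGNORED" is logged, yet the request is still accepted.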
