Hi Michael - Very nice.
BTW - there are a number of custom RADIUS attributes that are available for this sort of thing in the OSC vendor-specifics in the standard dictionary.

…..

#
# Open System Consultants VSA's for carrying user data
# from AuthBy PAM etc. OSC-AVPAIR is used to pass private data
# between instances of Radiator
#
VENDOR OSC 9048
VENDORATTR 9048 OSC-AVPAIR 0 string
VENDORATTR 9048 OSC-Uid 1 integer
VENDORATTR 9048 OSC-Gid 2 integer
VENDORATTR 9048 OSC-Home 3 string
VENDORATTR 9048 OSC-Shell 4 string
VENDORATTR 9048 OSC-Integrity-Message 5 binary
# Experimental presence indicators, used to indicate whether and
# where the user was last logged in. Used by AuthPRESENCESQL.pm
VENDORATTR 9048 OSC-User-Presence-Indicator 6 integer
VENDORATTR 9048 OSC-User-Presence-Location 7 string
VENDORATTR 9048 OSC-User-Presence-Timestamp 8 integer
VENDORATTR 9048 OSC-Client-Identifier 9 string
VENDORATTR 9048 OSC-Service-Identifier 10 string
VENDORATTR 9048 OSC-Customer-Identifier 11 string
VENDORATTR 9048 OSC-Provider-Identifier 12 string
VENDORATTR 9048 OSC-Environment-Identifier 13 string
VENDORATTR 9048 OSC-Version-Identifier 14 string
VENDORATTR 9048 OSC-Session-Identifier 15 string
VENDORATTR 9048 OSC-Device-Identifier 16 string
VENDORATTR 9048 OSC-User-Identifier 17 string
VENDORATTR 9048 OSC-Group-Identifier 18 string
VENDORATTR 9048 OSC-Acct-Input-Octets-64 19 integer64
VENDORATTR 9048 OSC-Acct-Output-Octets-64 20 integer64
VENDORATTR 9048 OSC-Authorize-Group 21 string
VALUE OSC-User-Presence-Indicator NotPresent 0
VALUE OSC-User-Presence-Indicator Present 1
VALUE OSC-User-Presence-Indicator Unsure 2
# Attributes to help exporting information from SIM/USIM authentication
VENDORATTR 9048 OSC-SIM-IMSI 80 string
VENDORATTR 9048 OSC-SIM-MSIDSN 81 string
VENDORATTR 9048 OSC-SIM-Identity 82 string
VENDORATTR 9048 OSC-SIM-TMSI 83 string
VENDORATTR 9048 OSC-SIM-FastReauthId 84 string
VENDORATTR 9048 OSC-SIM-Method 85 integer
VALUE OSC-SIM-Method EAP-SIM 18
VALUE OSC-SIM-Method EAP-AKA 23
VALUE OSC-SIM-Method EAP-AKA-PRIME 50
# The following are derived from Tacacs+ requests per draft-grant-tacacs-02
VENDORATTR 9048 OSC-TACACS-Action 100 integer
VENDORATTR 9048 OSC-TACACS-Privilege-Level 101 integer
VENDORATTR 9048 OSC-TACACS-Authen-Type 102 integer
VENDORATTR 9048 OSC-TACACS-Service 103 integer
VENDORATTR 9048 OSC-TACACS-Authen-Method 104 integer
VALUE OSC-TACACS-Action Login 1
VALUE OSC-TACACS-Action Chpass 2
VALUE OSC-TACACS-Action Sendpass 3
VALUE OSC-TACACS-Action Sendauth 4
VALUE OSC-TACACS-Privilege-Level Max 15
VALUE OSC-TACACS-Privilege-Level Root 15
VALUE OSC-TACACS-Privilege-Level User 1
VALUE OSC-TACACS-Privilege-Level Min 0
VALUE OSC-TACACS-Authen-Type ASCII 1
VALUE OSC-TACACS-Authen-Type PAP 2
VALUE OSC-TACACS-Authen-Type CHAP 3
VALUE OSC-TACACS-Authen-Type ARAP 4
VALUE OSC-TACACS-Authen-Type MSCHAP 5
VALUE OSC-TACACS-Service None 0
VALUE OSC-TACACS-Service Login 1
VALUE OSC-TACACS-Service Enable 2
VALUE OSC-TACACS-Service PPP 3
VALUE OSC-TACACS-Service ARAP 4
VALUE OSC-TACACS-Service PT 5
VALUE OSC-TACACS-Service RCMD 6
VALUE OSC-TACACS-Service X25 7
VALUE OSC-TACACS-Service NASIq 8
VALUE OSC-TACACS-Service FWPROXY 9
VALUE OSC-TACACS-Authen-Method Not_Set 0
VALUE OSC-TACACS-Authen-Method None 1
VALUE OSC-TACACS-Authen-Method KRB5 2
VALUE OSC-TACACS-Authen-Method Line 3
VALUE OSC-TACACS-Authen-Method Enable 4
VALUE OSC-TACACS-Authen-Method Local 5
VALUE OSC-TACACS-Authen-Method TACACSPLUS 6
VALUE OSC-TACACS-Authen-Method Guest 8
VALUE OSC-TACACS-Authen-Method RADIUS 16
VALUE OSC-TACACS-Authen-Method KRB4 17
VALUE OSC-TACACS-Authen-Method RCMD 32

…..

Of course you can use OSC-AVPAIR for anything at all, and you can use the others as you see fit.

regards

Hugh

> On 5 Feb 2015, at 10:20, Michael <ri...@vianet.ca> wrote:
>
> I personally log COA/POD requests using a very custom method. This may
> not be desirable for others. I do this by, after processing the COA/POD
> normally, passing it to an AuthBy config that essentially changes it to an
> Accounting-Request packet, populates a few extra values, then passes it
> to my normal accounting log AuthBy. This also requires adding custom
> values to the dictionary file.
>
> <AuthBy GROUP>
>     Identifier convert2accounting
>
>     <AuthBy INTERNAL>
>         OtherHook sub {\
>             # some fancy code here.
>         }
>     </AuthBy>
>
>     # now that this packet has been converted to an accounting packet,
>     # it is ready to be logged. pass it to the accounting log AuthBy
>     AuthBy accounting_log
> </AuthBy>
>
> an example result is something like this:
>
> +----------+---------------------+--------+-----------+--------------+
> | username | timestamp           | type   | sess_time | term_cause   |
> +----------+---------------------+--------+-----------+--------------+
> | username | 2015-01-05 15:04:09 | login  | NULL      | NULL         |
> | username | 2015-01-05 16:46:03 | info   | NULL      | rate-change  |
> | username | 2015-01-05 16:47:02 | info   | NULL      | kick-request |
> | username | 2015-01-05 16:47:02 | logout | 6173      | Admin-Reset  |
> +----------+---------------------+--------+-----------+--------------+
>
> On 04/02/15 05:57 PM, Hugh Irvine wrote:
>> Hello -
>>
>> As COA is not an authentication, it therefore follows that it will not be
>> logged by an AuthLog clause.
>>
>> To see what happens with a COA you will need to look at the log file (not
>> the authlog file).
>>
>> regards
>>
>> Hugh
>>
>>> On 4 Feb 2015, at 20:49, ONRUBIA AVILES Carlos (SPC/CSP)
>>> <carlos.onrubia.avi...@proximus.com> wrote:
>>>
>>> Dear all,
>>>
>>> I have the following problem:
>>>
>>> I can log authentication with the configuration here below, it works
>>> correctly.
>>>
>>> But if I use event_log identifier to log a COA (and not a normal
>>> Access-Request with Accept or Reject), nothing happens.
>>>
>>> Can you indicate to me how to log a COA with the answer (ACK or NACK)?
>>>
>>> Thanks in advance,
>>>
>>> <Handler User-Name = ABCD>
>>>     AuthBy toto
>>>     AuthLog event_log
>>> </Handler>
>>>
>>> <AuthLog FILE>
>>>     Identifier event_log
>>>     Filename %L/event_auth.log
>>>     SuccessFormat %v %d %H:%M:%S,,%s,,%n,,HIDDEN,,%a,,PASS,,%N,,%c,,%{Type},,%{Connect-Info},,%{Calling-Station-Id},,%{GlobalVar:servername}%{GlobalVar:suffixfon},,%{GlobalVar:authPort},,
>>>     FailureFormat %v %d %H:%M:%S,,%s,,%n,,HIDDEN,,none,,FAIL,,%N,,%c,,%{Type},,%{Connect-Info},,%{Calling-Station-Id},,%{GlobalVar:servername}%{GlobalVar:suffixfon},,%{GlobalVar:authPort},,%1
>>>     LogSuccess 1
>>>     LogFailure 1
>>> </AuthLog>
>>>
>>> ***** Disclaimer *****
>>> http://www.proximus.be/maildisclaimer
>>> _______________________________________________
>>> radiator mailing list
>>> radiator@open.com.au
>>> http://www.open.com.au/mailman/listinfo/radiator
>>
>> --
>>
>> Hugh Irvine
>> h...@open.com.au
>>
>> Radiator: the most portable, flexible and configurable RADIUS server
>> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
>> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
>> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
>> DIAMETER, SIM, etc.
>> Full source on Unix, Linux, Windows, MacOSX, Solaris, VMS, NetWare etc.
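
How the OSC vendor-specific attributes listed in the reply at the top of this thread travel on the wire, as an added example that is not part of the original thread and is not Radiator code: it parses a few of the quoted dictionary lines and encodes and decodes them as RFC 2865 Vendor-Specific attributes (type 26, vendor 9048). The function names and the sample values used with it are assumptions made for illustration.

```python
import struct

# Constructed sample: a few entries copied from the OSC dictionary section quoted above.
DICTIONARY = """
VENDORATTR 9048 OSC-AVPAIR 0 string
VENDORATTR 9048 OSC-Acct-Input-Octets-64 19 integer64
VENDORATTR 9048 OSC-TACACS-Privilege-Level 101 integer
VALUE OSC-TACACS-Privilege-Level Root 15
VALUE OSC-TACACS-Privilege-Level User 1
"""
INT_FMT = {"integer": "!I", "integer64": "!Q"}

def parse_dictionary(text):
    """Return ({name: (vendor, number, type)}, {name: {label: number}})."""
    attrs, values = {}, {}
    for line in text.splitlines():
        f = line.split("#", 1)[0].split()
        if len(f) >= 5 and f[0] == "VENDORATTR":
            attrs[f[2]] = (int(f[1]), int(f[3]), f[4])
        elif len(f) >= 4 and f[0] == "VALUE":
            values.setdefault(f[1], {})[f[2]] = int(f[3])
    return attrs, values

def encode_vsa(attrs, values, name, value):
    """Encode one attribute as an RFC 2865 Vendor-Specific attribute (type 26)."""
    vendor, number, kind = attrs[name]
    if kind in INT_FMT:
        if isinstance(value, str):          # symbolic VALUE label, e.g. Root -> 15
            value = values[name][value]
        data = struct.pack(INT_FMT[kind], value)
    else:
        data = value.encode()
    if len(data) > 247:                     # 255 minus 6-byte header and 2-byte sub-header
        raise ValueError("value too long for one VSA")
    sub = bytes([number, len(data) + 2]) + data
    return bytes([26, len(sub) + 6]) + struct.pack("!I", vendor) + sub

def decode_vsa(attrs, values, raw):
    """Decode one type-26 attribute to (name, value); reject inconsistent lengths."""
    if len(raw) < 8 or raw[0] != 26 or raw[1] != len(raw) or raw[7] != len(raw) - 6:
        raise ValueError("malformed Vendor-Specific attribute")
    vendor, number, data = struct.unpack("!I", raw[2:6])[0], raw[6], raw[8:]
    for name, (v, n, kind) in attrs.items():
        if (v, n) != (vendor, number):
            continue
        if kind not in INT_FMT:
            return name, data.decode()
        if len(data) != struct.calcsize(INT_FMT[kind]):
            raise ValueError("wrong length for " + kind)
        num = struct.unpack(INT_FMT[kind], data)[0]
        labels = {i: s for s, i in values.get(name, {}).items()}
        return name, labels.get(num, num)
    raise KeyError("attribute not in dictionary")

ATTRS, VALUES = parse_dictionary(DICTIONARY)
```

The decoder checks both length bytes against the actual buffer, so a truncated or padded attribute is rejected rather than written to a log.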