Re: (RADIATOR) "Code" and hooks

2001-12-21 Thread Gustavo Moreira


Hi,

I'm trying to do something depending on whether the AuthLDAP2 result was
Access-Accept. How can I get it in a PostSearchHook?

[...] In radius.cfg
AuthAttrDef svcstatus,Svc-Status,request
PostSearchHook sub { my ($self,$p,$rp,$entry)=($_[0],$_[2],$_[5],$_[4]);\
    my @attr = $_[4]->get('svcstatus');\
    my $attr = $attr[0];\
    return unless defined($attr);\
    my $codeone=$rp->code;\
    my $codetwo=$p->code;\
    &main::log($main::LOG_DEBUG," $codeone  - $codetwo");\
    return if $rp->code eq 'Access-Reject';\
[...]

[...]  In Log
Fri Dec 21 17:56:38 2001: DEBUG: LDAP got result for cn=cocar,ou=Radius,ou=Internet,ou=Arnet,o=TS
Fri Dec 21 17:56:38 2001: DEBUG: LDAP got userPassword: NA17122001
Fri Dec 21 17:56:38 2001: DEBUG: LDAP got svcstatus: 1
Fri Dec 21 17:56:38 2001: DEBUG:    - Access-Request
Fri Dec 21 17:56:38 2001: DEBUG: Radius::AuthLDAP2 looks for match with cocar
Fri Dec 21 17:56:38 2001: DEBUG: Radius::AuthLDAP2 REJECT: Bad Password
Fri Dec 21 17:56:38 2001: INFO: Access rejected for cocar: Bad Password
Fri Dec 21 17:56:38 2001: DEBUG: Packet dump:
*** Sending to 192.168.212.5 port 36442 
[...]

[...] In AuthLDAP2.pm
# Perhaps run a hook to do other things with the LDAP data
if (defined $self->{PostSearchHook})
{
    # We use an eval so an error in the hook wont
    # kill us.
    eval{ &{$self->{PostSearchHook}}($self, $name, $p, $user,
                                     $entry, $rp);};
    $self->log($main::LOG_ERR, "Error in PostSearchHook(): $@")
        if $@;
}
[...]


===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.



(RADIATOR) Cisco avpair problem

2001-11-19 Thread Gustavo Moreira



I have problems when trying to permit access only to certain hosts and DNS on a
Cisco 7500.

AddToReply \
    cisco-avpair = "ip:inacl#0=permit ip any any precedence immediate",\
    cisco-avpair = "ip:inacl#1=permit udp any host 200.45.0.115 eq 53",\
    cisco-avpair = "ip:inacl#2=permit udp any host 200.45.191.35 eq 53",\
    cisco-avpair = "ip:inacl#3=permit tcp any any established",\
    cisco-avpair = "ip:inacl#4=permit tcp any host 200.45.0.42 eq 80",\
    cisco-avpair = "ip:inacl#5=permit tcp any host 200.45.190.149 eq 80",\
    cisco-avpair = "ip:inacl#6=permit tcp any host 200.45.190.150 eq 80",\
    cisco-avpair = "ip:inacl#7=permit tcp any host 200.45.0.35 eq 80",\
    cisco-avpair = "ip:inacl#99=deny ip any any"

Would this be OK?
 


(RADIATOR) Error in Reference Manual

2001-10-25 Thread Gustavo Moreira



You have an error in the Radiator Reference Manual, in (6.7.6 CountQuery).
It says it defaults to:
    select NASIDENTIFIER, NASPORT, ACCTSESSIONID from RADONLINE where USERNAME=’%u’

It's an error; the default is:
    select NASIDENTIFIER, NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where USERNAME='%u'

Otherwise, i.e., the double-check with Nas-type=Ping did not work.
 
Regards, Gustavo.
 


Re: (RADIATOR) Proxy pbs

2001-10-12 Thread Gustavo Moreira



Romain:
    If you would like to wait for the reply and then respond to the NAS, you
would have to see item 6.29.17, Synchronous.
 
Gustavo Moreira.
 

  - Original Message -
  From: Romain Vergniol
  To: [EMAIL PROTECTED] ; [EMAIL PROTECTED]
  Sent: Friday, October 12, 2001 12:23 PM
  Subject: (RADIATOR) Proxy pbs
  
  Hello,
   
  I'm trying to set up a proxy that would be able to forward accounting to a different server.
  So I tried something like this (described in the reference manual):

      AuthByPolicy ContinueAlways

      Host 172.29.xx.xx
      Host 172.29.xx.yy
      AuthPort 1645
      NoForwardAccounting
      LocalAddress 172.29.yy.yy
      Secret xxx
      Secret xx

      Host 172.29.xx.zz
      NoForwardAuthentication
      AcctPort 1646
      Secret
      LocalAddress 172.29.yy.yy

  The problem is that authentication is always accepted ...
  So I tried with "IgnoreAuth..." and "IgnoreAcct..." but it doesn't seem to work.
  What's the way to properly configure this proxy?
   
  Thanx
   
  Romain VERGNIOL
   
  CEGEDIM
  Service Réseau
  Boulogne
  Fax : 33 01 46 03 45 95
  Tel : 33 01 49 09 84 02
  [EMAIL PROTECTED]