Re: (RADIATOR) "Code" and hooks
Hi, I'm trying to do something depending if in AuthLDAP2 the result was Access-Accept , how can I get it in a PostSearchHook ? [...] In radius.cfg AuthAttrDef svcstatus,Svc-Status,request PostSearchHook sub { my ($self,$p,$rp,$entry)=($_[0],$_[2],$_[5],$_[4]);\ my @attr = $_[4]->get('svcstatus');\ my $attr = @attr[0];\ return unless defined($attr);\ my $codeone=$rp->code;\ my $codetwo=$p->code;\ &main::log($main::LOG_DEBUG," $codeone - $codetwo");\ return if $rp->code eq 'Access-Reject';\ [...] [...] In Log Fri Dec 21 17:56:38 2001: DEBUG: LDAP got result for cn=cocar,ou=Radius,ou=Internet,ou=Arnet,o=TS Fri Dec 21 17:56:38 2001: DEBUG: LDAP got userPassword: NA17122001 Fri Dec 21 17:56:38 2001: DEBUG: LDAP got svcstatus: 1 Fri Dec 21 17:56:38 2001: DEBUG: - Access-Request Fri Dec 21 17:56:38 2001: DEBUG: Radius::AuthLDAP2 looks for match with cocar Fri Dec 21 17:56:38 2001: DEBUG: Radius::AuthLDAP2 REJECT: Bad Password Fri Dec 21 17:56:38 2001: INFO: Access rejected for cocar: Bad Password Fri Dec 21 17:56:38 2001: DEBUG: Packet dump: *** Sending to 192.168.212.5 port 36442 [...] [...] In AuthLDAP2.pm # Perhaps run a hook to do other things with the LDAP data if (defined $self->{PostSearchHook}) { # We use an eval so an error in the hook wont # kill us. eval{ &{$self->{PostSearchHook}}($self, $name, $p, $user, $entry, $rp);}; $self->log($main::LOG_ERR, "Error in PostSearchHook(): $@") if $@; } [...] === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Cisco avpair problem
I have problems when wanting to permit only the access only to certain HOSTS and DNS in a Cisco 7500. AddToReply \ cisco-avpair = "ip:inacl#0=permit ip any any precedence immediate",\ cisco-avpair = "ip:inacl#1=permit udp any host 200.45.0.115 eq 53",\ cisco-avpair = "ip:inacl#2=permit udp any host 200.45.191.35 eq 53",\ cisco-avpair = "ip:inacl#3=permit tcp any any established",\ cisco-avpair = "ip:inacl#4=permit tcp any host 200.45.0.42 eq 80",\ cisco-avpair = "ip:inacl#5=permit tcp any host 200.45.190.149 eq 80",\ cisco-avpair = "ip:inacl#6=permit tcp any host 200.45.190.150 eq 80",\ cisco-avpair = "ip:inacl#7=permit tcp any host 200.45.0.35 eq 80",\ cisco-avpair = "ip:inacl#99=deny ip any any" Would it to be ok?
(RADIATOR) Error in Reference Manual
You have an error in Radiator Reference manual. In (6.7.6 CountQuery) Say, it default to: select NASIDENTIFIER, NASPORT, ACCTSESSIONID from RADONLINE where USERNAME=’%u’ It's an error, the default is: select NASIDENTIFIER, NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where USERNAME='%u' Otherwise i.e. the Double-check with Nas-type=Ping did not work. Regards, Gustavo.
Re: (RADIATOR) Proxy pbs
Romain: If you like wait the reply and then to respond to the NAS. You would have to see the 6.29.17 item Synchronous Gustavo Moreira. - Original Message - From: Romain Vergniol To: [EMAIL PROTECTED] ; [EMAIL PROTECTED] Sent: Friday, October 12, 2001 12:23 PM Subject: (RADIATOR) Proxy pbs Hello, I'm trying to set up a proxy that would be able to forward accounting to a different server. So I tried something like this (described in the reference manual) : AuthByPolicy ContinueAlways Host 172.29.xx.xx Host 172.29.xx.yy AuthPort 1645 NoForwardAccounting LocalAddress 172.29.yy.yy Secret xxx Secret xx Host 172.29.xx.zz NoForwardAuthentication AcctPort 1646 Secret LocalAddress 172.29.yy.yy The problem is that authentication is always accepted ... So I tried with "IgnoreAuth..." and "IgnoreAcct..." but it doesn't seem to work. What's the way to properly configure this proxy ? Thanx Romain VERGNIOL CEGEDIMService Réseau BoulogneFax : 33 01 46 03 45 95Tel : 33 01 49 09 84 02 [EMAIL PROTECTED]