(RADIATOR) PostAuthHook

2003-06-04 Thread Nathan 'Franko' Franklin



Hello List,

This is a bit off topic, but I was wondering if you guys could help me.

I have a PostAuthHook and inside the PostAuthHook I want to call some subs
in that hook file. I am not really a Perl programmer, but I try; anyway, it
isn't working.

Could someone tell me why?

PostAuthHook FILE

sub {
 &main::log($main::LOG_DEBUG,"Start Hook Processing");

 # Used for National Ports,
 # Rejecting user if they are not a national customer,
 # IE They have local ports at their location
 rejectLocationPortNationDialing(\${$_[0]},\${$_[1]},\${$_[2]});

 # Used to make sure that customers aren't dialing into
 # DOV access unless they have a DOV account
 denyNonDOVAccessingDOV(\${$_[0]},\${$_[1]},\${$_[2]});

 &main::log($main::LOG_DEBUG,"Finish Hook Processing");
}
sub rejectLocationPortNationDialing {
 my $request = ${$_[0]};
 my $reply = ${$_[1]};
 my $result = ${$_[2]};
}
sub denyNonDOVAccessingDOV {
 my $request = ${$_[0]};
 my $reply = ${$_[1]};
 my $result = ${$_[2]};
}

end of file

There is extra code inside the two subs I am calling, but I won't bother
pasting that because it isn't even getting to that.

Here is the error I am getting:

Wed Jun  4 12:40:28 2003: ERR: Compilation error in PostAuthHook: syntax error at (eval 45) line 16, near "}

sub rejectLocationPortNationDialing "
Can't use global @_ in "my" at (eval 45) line 17, near "{$_"

Any help would be greatly appreciated.

Kind Regards

Nathan Franklin
TSN Internet
[EMAIL PROTECTED]
MSN: [EMAIL PROTECTED]

'Always, always, always, live your own life. If not, you only live off
others and are mass-produced. Individualism is something no one can take
away.'



(RADIATOR) PostAuthHook

2002-07-30 Thread Radius Admin



I am trying to implement a PostAuthHook.

I have added the following line in my configuration file

    blah
    blah

    PostAuthHook file:"%D/SetActive.txt"

When I start Radiator I get the following error: ERR: Unknown keyword 'PostAuthHook' in

I am not using Handlers as described in the hooks.txt file. Have I defined it in the wrong place?
 
Thanks
 


(RADIATOR) PostAuthHook

1999-12-30 Thread Paul Black

Thanks Mike,

I'm starting to get my PostAuthHook running and starting to like Radiator a
lot. My hook so far is:

PostAuthHook sub {  my $reply = ${$_[1]};\
    my $reqst = ${$_[0]};\
    my $status = ${$_[2]};\
    print "\n";\
    print "User =", $reqst->get_attr('User-Name'), " ";\
    print "Days =", $reply->get_attr('Days-Since-Added');\
    print "ACCEPT =  ", $main::ACCEPT, " ";\
    print "Status =  ", $status, "\n";\
 }

This is printing to the screen which is crude, but good enough for debugging.
Some of the output is below. I've been reading the online manual and trying to
work it out. I would expect to see PostAuthHook called once when someone logs
in [currently seeing it twice]. Could this be due to having the PostAuthHook
in the  section? If so where should I put the PostAuthHook? Do
I need to add in a  section?

Thanks.  Paul


User =rjensen Days = ACCEPT =  0 Status =  0

User =gstearn Days =129.84 ACCEPT =  0 Status =  0

User =gstearn Days = ACCEPT =  0 Status =  0

User =gstearn Days = ACCEPT =  0 Status =  0

User =robyn Days = ACCEPT =  0 Status =  0

User =airmen Days =131.09 ACCEPT =  0 Status =  0

User =airmen Days = ACCEPT =  0 Status =  0

User =ryan Days =104.89 ACCEPT =  0 Status =  0

User =ryan Days = ACCEPT =  0 Status =  0

User =johndel Days = ACCEPT =  0 Status =  0

User =lumsden Days =104.88 ACCEPT =  0 Status =  0

User =lumsden Days = ACCEPT =  0 Status =  0



Mike McCauley wrote:
 
> Like this:
> 
> PostAuthHook sub {  my $reply = ${$_[1]}; print "its ",
> $reply->get_attr('Days-Since-Added'), "\n";}

===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.



(RADIATOR) postauthhook

2000-04-17 Thread Brandon



When doing a postauthhook, or reply handler hook... how do you get the
username before the "stripping" of the realm takes place?  Currently I am
doing .

 my $username = $p->getUserName();

and it seems to be giving me the username after the rewrite takes place.
 
Thanks
Brandon


(RADIATOR) PostAuthHook

2001-01-10 Thread Charles Sprickman

Hi,

I've got a stand-alone perl program that hits the RADONLINE db and makes
entries in an access database for sendmail.  On its own, it works fine,
but I'm trying to make it work as a subroutine called from a PostAuthHook
in my Handler for IPass requests:

[from radius.cfg...]
AuthBy  Ipass_SQL
AuthBy  Ipass_User

# call an external program to open up mail relaying for
# this user
# PostAuthHook  file:"%D/write-access.pl"
[...]

I've been playing around with trying to get it to work, but I'm not
totally familiar with the whole idea of subroutines and local vs. global
variables.  At this time, I get the following error:

Wed Jan 10 20:03:59 2001: NOTICE: SIGHUP received: restarting
Wed Jan 10 20:03:59 2001: ERR: Compilation error in PostAuthHook(): Can't
declare subroutine entry in my at (eval 535) line 46, at EOF

I've changed all my variables to be in the format 'my $foo="bar";', but
I'm having trouble with getting a while loop that goes through an array
working (the log entry above always seems to be around the while loop).

I'm also curious if there's a better way to be hitting the database since
radiator already has a connection to it...

I've included the whole mess below in hopes that someone can give me a
hand with this.  Running standalone is an option as well, I guess, I'd
just have to run this very frequently.

Thanks,

Charles


# -*- mode: Perl -*-
# PopAuth
# don't really know what the above does...

# CSS 01/10/01

# small program to update a sendmail (or possibly other) access
# list based on current logged in users outside of our normal
# IP range.  Specifically, for IPass users.  This can be run
# standalone out of cron or be called by a PostAuthHook in the
# handler/realm used for IPass requests.

# the m4 file used to tweak sendmail is here:
# http://www.sendmail.org/~ca/email/rules/popauth.m4
# It goes in the "hack" directory under sendmail's cf directory.

sub
{
# config options
my $dbhost = "localhost";
my $dbuser = "xxx";
my $dbpass = "xxx";
my $dbname = "radius";
my $dbtext = "/usr/local/etc/mail/popauth";
my $localips = "216.223.19";
my $makemap = "/usr/sbin/makemap";
my $dbtype = "hash";
my $dbfile = "/usr/local/etc/mail/popauth.db";

# needed for standalone operation...
#use DBI;

# connect to the db

my $dbhandle = DBI->connect("DBI:mysql:$dbname:$dbhost","$dbuser","$dbpass") 
or die $DBI::errstr;

# get file handle

open (POPAUTH, ">$dbtext") || die ("Can't open $dbtext for writing.\n");

# our query

my $dbquery = "select FRAMEDIPADDRESS from RADONLINE where (FRAMEDIPADDRESS 
NOT LIKE '$localips%' AND FRAMEDIPADDRESS IS NOT NULL)";

my $query = $dbhandle->prepare($dbquery);
$query->execute or die $DBI::errstr;

# this is where the complaints come from
while (@query_result = $query->fetchrow_array)
{
print POPAUTH "$query_result[0]\tOK\n";
print "$query_result[0]\tOK\n";
}

close POPAUTH;
my $dbhandle->disconnect;

my $rc = system ("$makemap $dbtype $dbfile < $dbtext");

if ($rc > 0)
{
print "Unable to execute command $makemap, exit code $rc\n";
}
return;
}


===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.



Re: (RADIATOR) PostAuthHook

2003-06-04 Thread Mike McCauley
Hello Nathan,

The problem is the ordering of subs in your file. 
Your anonymous hook sub should be at the end of the file, after your named 
subs, not at the beginning.

Cheers.

On Wed, 4 Jun 2003 12:51 pm, Nathan 'Franko' Franklin wrote:
> Hello List,
>
> This is a bit off topic, but I was wondering if you guys could help me
>
> I have a PostAuthHook and inside the postauthhook I want to call some subs
> in that hook file. I am not really a Perl programmer, but I try, anyway it
> isn't working
>
> Could someone tell me why
>
> PostAuthHook FILE
>
> sub {
>  &main::log($main::LOG_DEBUG,"Start Hook Processing");
>
>  # Used for National Ports,
>  # Rejecting user if they are not a national customer,
>  # IE They have local ports at their location
>  rejectLocationPortNationDialing(\${$_[0]},\${$_[1]},\${$_[2]});
>
>  # Used to make sure that customers aren't dialing into
>  # DOV access unless they have a DOV account
>  denyNonDOVAccessingDOV(\${$_[0]},\${$_[1]},\${$_[2]});
>
>  &main::log($main::LOG_DEBUG,"Finish Hook Processing");
> }
> sub rejectLocationPortNationDialing {
>  my $request = ${$_[0]};
>  my $reply = ${$_[1]};
>  my $result = ${$_[2]};
> }
> sub denyNonDOVAccessingDOV {
>  my $request = ${$_[0]};
>  my $reply = ${$_[1]};
>  my $result = ${$_[2]};
> }
>
>
> end of file
>
> there is extra code inside the two subs I am calling but I won't bother
> pasting that because it isn't even getting to that
>
> here is the error I am getting
>
> Wed Jun  4 12:40:28 2003: ERR: Compilation error in PostAuthHook: syntax
> error at (eval 45) line 16, near "}
>
> sub rejectLocationPortNationDialing "
>
> Can't use global @_ in "my" at (eval 45) line 17, near "{$_"
>
> any help would be greatly appreciated
>
> Kind Regards
>
> Nathan Franklin
> TSN Internet
> [EMAIL PROTECTED]
> MSN: [EMAIL PROTECTED]
>
> 'Always, always, always, live your own life. If not, you only live off
> others and are mass-produced. Individualism is something no one can take
> away.'

-- 
Mike McCauley   [EMAIL PROTECTED]
Open System Consultants Pty. Ltd   Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985   Fax   +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP etc on Unix, Windows, MacOS etc.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.


(RADIATOR) PostAuthHook question.

2001-06-21 Thread Griff Hamlin

Hello,

I'm in need of adding specific attributes to the reply packets for one
of the routers I have to authenticate (out of hundreds). Since I only
have need for one handler and we don't use realms, I figure the best
thing to do would be to have a little PostAuthHook that tested my
request for the right IP address and if it passes, add the appropriate
attributes to the reply packet. I used to have a problem with
NAS-IP-Address fields not matching the actual IP address of the router
sending the packet, so now I have an 'identifier' in every client block
with the IP address that I want to be associated with each router (its
actual IP address.) That 'identifier' is used in my AuthBy module that I
wrote to test various things about each router (allowing certain
customers access only on certain routers, etc.)

When I put in the following PostAuthHook, it won't compile, and quite
honestly I'm not sure if I've done this right. Any help would be
appreciated. I tried to steal this straight out of the manual, so I'm a
little surprised at the error I get.


  RewriteUsername s/^([^@]+).*/$1/
  
AuthByPolicy ContinueUntilAccept

  # authorize by the module AuthQuikRadAcct.pm


   # Fork
  # authorize by the module AuthQuikRad.pm

  

  # Handle the  Router 65.89.75.8
  PostAuthHook sub { if ${$_[2]} eq $main::ACCEPT && \
 ${$_[0]}->{Client}->{Identifier} eq "65.89.75.8" { \
${$_[1]}->add_attr('Ascend-Data-Filter','ip in forward tcp est'); \
${$_[1]}->add_attr('Ascend-Data-Filter','ip in forward dstip 216.176.28.1/32'); \
${$_[1]}->add_attr('Ascend-Data-Filter','ip in drop tcp dstport=25'); \
${$_[1]}->add_attr('Ascend-Data-Filter','ip in forward'); \
${$_[1]}->change_attr('Service-Type','Framed'); \
   } \
}
  # Log accounting to the detail file in LogDir/
  AcctLogFileName  %L/%c/detail
# MaxSessions 1


The error in the log file is:

Thu Jun 21 10:10:35 2001: ERR: Compilation error in PostAuthHook: syntax error at (eval 77) line 1, near "if $"
syntax error at (eval 77) line 2, at EOF
Missing right bracket at (eval 77) line 2, at end of line

Thu Jun 21 10:10:35 2001: ERR: Unknown keyword '${$_[1]}->add_attr('Ascend-Data-Filter','ip' in /etc/radius.cfg line 109


It appears to be failing right away at my conditional. Are conditionals
unacceptable?

Griff Hamlin, III
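
The two compile errors in the posts above (the hook file with its anonymous sub placed first, and the `if` written without parentheses) can be reproduced outside the server. The Perl below is an added example, not code from the posts or from Radiator; it assumes hook text is compiled with a string eval, and `StandInPacket`, `compile_hook` and the `tag_reply_*` subs are hypothetical stand-ins.

```perl
#!/usr/bin/perl
# Added illustration, not Radiator code: compile hook text offline so the
# errors quoted in these posts show up before the server is restarted.
# Assumption: hook text is compiled with a string eval and the eval's value is
# used as the hook, which is what "(eval NN)" in the quoted errors suggests.
# eval also runs any top-level statements, so only feed it hook text you trust.
use strict;
use warnings;

our $ACCEPT = 0;    # the value printed for $main::ACCEPT elsewhere on this page

# Hypothetical stand-in for the request/reply objects: just enough to run the
# hooks below. The method names are the ones the posts call.
{
    package StandInPacket;
    sub new { my ($class, %args) = @_; return bless { attrs => [], %args }, $class }
    sub add_attr { my ($self, $name, $value) = @_; push @{ $self->{attrs} }, [ $name, $value ] }
    sub change_attr {
        my ($self, $name, $value) = @_;
        @{ $self->{attrs} } = grep { $_->[0] ne $name } @{ $self->{attrs} };
        push @{ $self->{attrs} }, [ $name, $value ];
    }
}

# Returns (coderef, undef) on success or (undef, first line of the error).
sub compile_hook {
    my ($text) = @_;
    my $hook = eval $text;
    return (undef, (split /\n/, $@)[0]) if $@;
    return (undef, 'text does not evaluate to a code reference')
        unless ref($hook) eq 'CODE';
    return ($hook, undef);
}

my @cases = (
    # "sub { ... }" is an expression, so a named sub straight after it is a
    # syntax error: the layout of the hook file posted by Nathan.
    [ 'anonymous sub first' => <<'EOT' ],
sub {
    tag_reply_a(\${$_[0]}, \${$_[1]}, \${$_[2]});
}
sub tag_reply_a {
    my $reply = ${$_[1]};
    $reply->add_attr('Reply-Message', 'checked by named sub');
}
EOT
    # Same code with the named sub first and the anonymous hook sub last.
    [ 'anonymous sub last' => <<'EOT' ],
sub tag_reply_b {
    my $reply = ${$_[1]};
    $reply->add_attr('Reply-Message', 'checked by named sub');
}
sub {
    tag_reply_b(\${$_[0]}, \${$_[1]}, \${$_[2]});
}
EOT
    # The conditional as posted: Perl needs parentheses around the condition.
    [ 'if without parentheses' => <<'EOT' ],
sub { if ${$_[2]} eq $main::ACCEPT &&
 ${$_[0]}->{Client}->{Identifier} eq "65.89.75.8" {
    ${$_[1]}->add_attr('Ascend-Data-Filter','ip in drop tcp dstport=25');
    ${$_[1]}->change_attr('Service-Type','Framed');
   }
}
EOT
    # The same hook with only the parentheses added.
    [ 'if with parentheses' => <<'EOT' ],
sub { if (${$_[2]} eq $main::ACCEPT &&
 ${$_[0]}->{Client}->{Identifier} eq "65.89.75.8") {
    ${$_[1]}->add_attr('Ascend-Data-Filter','ip in drop tcp dstport=25');
    ${$_[1]}->change_attr('Service-Type','Framed');
   }
}
EOT
);

for my $case (@cases) {
    my ($label, $text) = @$case;
    my ($hook, $error) = compile_hook($text);
    if (!$hook) {
        print "$label: does not compile: $error\n";
        next;
    }
    # Constructed request; hooks receive references to request, reply, result.
    my $request = StandInPacket->new(Client => { Identifier => '65.89.75.8' });
    my $reply   = StandInPacket->new;
    my $result  = $ACCEPT;
    $hook->(\$request, \$reply, \$result);
    my @attrs = map { "$_->[0] = $_->[1]" } @{ $reply->{attrs} };
    print "$label: compiles; reply attributes: ", join('; ', @attrs), "\n";
}
```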






Re: (RADIATOR) PostAuthHook

2002-07-30 Thread Hugh Irvine
Hello -

The PostAuthHook is a Realm (or Handler) parameter.



.

PostAuthHook file:"%D/SetActive.txt"


There are some example hooks in the file "goodies/hooks.txt" in the distribution.

regards

Hugh


On Tuesday, July 30, 2002, at 11:41 PM, Radius Admin wrote:

I am trying to implement a PostAuthHook.
 
I have added the following line in my configuration file
 

 
    
 
    blah
    blah
 
    PostAuthHook file:"%D/SetActive.txt"
    

 
When I start Radiator I get the following error: ERR: Unknown keyword 'PostAuthHook' in
 
I am not using Handler's as described in the hooks.txt file. Have I defined it in the wrong place?
 
Thanks
 

--
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc 
on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X etc etc



Re: (RADIATOR) PostAuthHook

2002-07-31 Thread Hugh Irvine
 Hello -

The "print ..." statement writes output to stdout, not the Radiator log file.

To see how to log messages to the log file, have a look at "goodies/hooks.txt".

regards

Hugh



On Wednesday, July 31, 2002, at 01:03 PM, Radius Admin wrote:

Dear Hugh,
 
I have amended the configuration to look as follows:

 
    PostAuthHook sub { print "*\n";}


I have set "trace 4" and I do not see the output of the above function when
an authentication request is made in the log file. Is it being called?

I am running Radiator 3.1

Thanks

- Original Message -
From: Hugh Irvine
To: Radius Admin
Cc: [EMAIL PROTECTED]
Sent: Wednesday, July 31, 2002 7:40 AM
Subject: Re: (RADIATOR) PostAuthHook

Hello -

The PostAuthHook is a Realm (or Handler) parameter.



.

PostAuthHook file:"%D/SetActive.txt"


There are some example hooks in the file "goodies/hooks.txt" in the distribution.

regards

Hugh


On Tuesday, July 30, 2002, at 11:41 PM, Radius Admin wrote:

I am trying to implement a PostAuthHook.
 
I have added the following line in my configuration file
 

 
    
 
    blah
    blah
 
    PostAuthHook file:"%D/SetActive.txt"
    

 
When I start Radiator I get the following error: ERR: Unknown keyword 'PostAuthHook' in
 
I am not using Handler's as described in the hooks.txt file. Have I defined it in the wrong place?
 
Thanks
 




Re: (RADIATOR) PostAuthHook

2002-07-31 Thread Hugh Irvine
 Hello Neil -

Quite correct - fixed for the next release.

many thanks

Hugh


On Wednesday, July 31, 2002, at 11:35 AM, neil d. quiogue wrote:

Hello Hugh,
 
I think some of the confusion was brought about by one of the examples in "goodies/hooks.txt" (fourth example):
 

    
    
    PostAuthHook file:"%D/stripSelectedAttribute"
    

Much thanks.
 
Regards,
 
Neil D. Quiogue
CPCNet Hong Kong Limited
A CITIC Pacific Company
Voice (852) 2170.7140
Fax   (852) 2751.7030

- Original Message -
From: Hugh Irvine
To: Radius Admin
Cc: [EMAIL PROTECTED]
Sent: Wednesday, July 31, 2002 7:40 AM
Subject: Re: (RADIATOR) PostAuthHook

Hello -

The PostAuthHook is a Realm (or Handler) parameter.



.

PostAuthHook file:"%D/SetActive.txt"


There are some example hooks in the file "goodies/hooks.txt" in the distribution.

regards

Hugh


On Tuesday, July 30, 2002, at 11:41 PM, Radius Admin wrote:

I am trying to implement a PostAuthHook.
 
I have added the following line in my configuration file
 

 
    
 
    blah
    blah
 
    PostAuthHook file:"%D/SetActive.txt"
    

 
When I start Radiator I get the following error: ERR: Unknown keyword 'PostAuthHook' in
 
I am not using Handler's as described in the hooks.txt file. Have I defined it in the wrong place?
 
Thanks
 




Re: (RADIATOR) PostAuthHook

2002-07-31 Thread Jeje

This has nothing to see, but in the last release, there is an annoying:

AuthGeneric.pm:743: print "checking '$check_name', '$value'\n";

with no debug or logging condition, it just prints.  So that whenever you 
start Radiator you see that line on every request. I personally commented 
this line.

--On Wednesday, July 31, 2002 07:49:04 PM +1000 Hugh Irvine 
<[EMAIL PROTECTED]> wrote:

>
> Hello -
>
> The "print ..." statement writes output to stdout, not the Radiator log
> file.
>
> To see how to log messages to the log file, have a look at
> "goodies/hooks.txt".
>
> regards
>
> Hugh
>
>
>
> On Wednesday, July 31, 2002, at 01:03 PM, Radius Admin wrote:
>
>> Dear Hugh,
>>  
>> I have amended the configuration to look as follows:
>>
>>  
>>     PostAuthHook sub { print
>> "*\n";}
>> 
>>
>> I have set "trace 4" and I do not see the output of the above function
>> when
>> an authentication request is made in the log file. Is it being called?
>>
>> I am running Radiator 3.1
>>
>> Thanks
>>
>> - Original Message -
>> From: Hugh Irvine
>> To: Radius Admin
>> Cc: [EMAIL PROTECTED]
>> Sent: Wednesday, July 31, 2002 7:40 AM
>> Subject: Re: (RADIATOR) PostAuthHook
>>
>> Hello -
>>
>> The PostAuthHook is a Realm (or Handler) parameter.
>>
>> 
>> 
>> .
>> 
>> PostAuthHook file:"%D/SetActive.txt"
>> 
>>
>> There are some example hooks in the file "goodies/hooks.txt" in the
>> distribution.
>>
>> regards
>>
>> Hugh
>>
>>
>> On Tuesday, July 30, 2002, at 11:41 PM, Radius Admin wrote:
>>
>> I am trying to implement a PostAuthHook.
>>  
>> I have added the following line in my configuration file
>>  
>> 
>>  
>>     
>>  
>>     blah
>>     blah
>>  
>>     PostAuthHook file:"%D/SetActive.txt"
>>     
>> 
>>  
>> When I start Radiator I get the following error: ERR: Unknown keyword
>> 'PostAuthHook' in
>>  
>> I am not using Handler's as described in the hooks.txt file. Have I
>> defined it in the wrong place?
>>  
>> Thanks
>>  
>>
>> --
>> Radiator: the most portable, flexible and configurable RADIUS server
>> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
>> Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc
>> on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X etc etc
>>
>>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc
> on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X etc etc
>



/jeje



Re: (RADIATOR) PostAuthHook

2002-07-31 Thread Hugh Irvine


Hi Jeje -

Thanks for that.

I've copied Mike on this mail and he will fix the problem for the next 
release.

many thanks

Hugh



On Wednesday, July 31, 2002, at 10:56 PM, Jeje wrote:

> This has nothing to see, but in the last release, there is an annoying:
>
> AuthGeneric.pm:743: print "checking '$check_name', '$value'\n";
>
> with no debug or logging condition, it just prints.  So that whenever 
> you start Radiator you see that line on every request. I personally 
> commented this line.
>
> --On Wednesday, July 31, 2002 07:49:04 PM +1000 Hugh Irvine 
> <[EMAIL PROTECTED]> wrote:
>
>>
>> Hello -
>>
>> The "print ..." statement writes output to stdout, not the Radiator log
>> file.
>>
>> To see how to log messages to the log file, have a look at
>> "goodies/hooks.txt".
>>
>> regards
>>
>> Hugh
>>
>>
>>
>> On Wednesday, July 31, 2002, at 01:03 PM, Radius Admin wrote:
>>
>>> Dear Hugh,
>>>  
>>> I have amended the configuration to look as follows:
>>>
>>>  
>>>     PostAuthHook sub { print
>>> "*\n";}
>>> 
>>>
>>> I have set "trace 4" and I do not see the output of the above
>>> function
>>> when
>>> an authentication request is made in the log file. Is it being called?
>>>
>>> I am running Radiator 3.1
>>>
>>> Thanks
>>>
>>> - Original Message -
>>> From: Hugh Irvine
>>> To: Radius Admin
>>> Cc: [EMAIL PROTECTED]
>>> Sent: Wednesday, July 31, 2002 7:40 AM
>>> Subject: Re: (RADIATOR) PostAuthHook
>>>
>>> Hello -
>>>
>>> The PostAuthHook is a Realm (or Handler) parameter.
>>>
>>> 
>>> 
>>> .
>>> 
>>> PostAuthHook file:"%D/SetActive.txt"
>>> 
>>>
>>> There are some example hooks in the file "goodies/hooks.txt" in the
>>> distribution.
>>>
>>> regards
>>>
>>> Hugh
>>>
>>>
>>> On Tuesday, July 30, 2002, at 11:41 PM, Radius Admin wrote:
>>>
>>> I am trying to implement a PostAuthHook.
>>>  
>>> I have added the following line in my configuration file
>>>  
>>> 
>>>  
>>>     
>>>  
>>>     blah
>>>     blah
>>>  
>>>     PostAuthHook file:"%D/SetActive.txt"
>>>     
>>> 
>>>  
>>> When I start Radiator I get the following error: ERR: Unknown keyword
>>> 'PostAuthHook' in
>>>  
>>> I am not using Handler's as described in the hooks.txt file. Have I
>>> defined it in the wrong place?
>>>  
>>> Thanks
>>>  
>>>
>>> --
>>> Radiator: the most portable, flexible and configurable RADIUS server
>>> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
>>> Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc
>>> on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X etc etc
>>>
>>>
>> --
>> Radiator: the most portable, flexible and configurable RADIUS server
>> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
>> Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc
>> on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X etc etc
>>
>
>
>
> /jeje
>
>
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.




Re: (RADIATOR) PostAuthHook

2002-07-31 Thread Mike McCauley

On Thu, 1 Aug 2002 08:57, Hugh Irvine wrote:
> Hi Jeje -
>
> Thanks for that.
>
> I've copied Mike on this mail and he will fix the problem for the next
> release.

Done.
Cheers.

>
> many thanks
>
> Hugh
>
> On Wednesday, July 31, 2002, at 10:56 PM, Jeje wrote:
> > This has nothing to see, but in the last release, there is an annoying:
> >
> > AuthGeneric.pm:743: print "checking '$check_name', '$value'\n";
> >
> > with no debug or logging condition, it just prints.  So that whenever
> > you start Radiator you see that line on every request. I personally
> > commented this line.
> >
> > --On Wednesday, July 31, 2002 07:49:04 PM +1000 Hugh Irvine
> >
> > <[EMAIL PROTECTED]> wrote:
> >> Hello -
> >>
> >> The "print ..." statement writes output to stdout, not the Radiator log
> >> file.
> >>
> >> To see how to log messages to the log file, have a look at
> >> "goodies/hooks.txt".
> >>
> >> regards
> >>
> >> Hugh
> >>
> >> On Wednesday, July 31, 2002, at 01:03 PM, Radius Admin wrote:
> >>> Dear Hugh,
> >>>  
> >>> I have amended the configuration to look as follows:
> >>>
> >>>  
> >>> PostAuthHook sub { print
> >>> "*\n";}
> >>> 
> >>>
> >>> I have set "trace 4" and I do not see the output of the above
> >>> function
> >>> when
> >>> an authentication request is made in the log file. Is it being called?
> >>>
> >>> I am running Radiator 3.1
> >>>
> >>> Thanks
> >>>
> >>> - Original Message -
> >>> From: Hugh Irvine
> >>> To: Radius Admin
> >>> Cc: [EMAIL PROTECTED]
> >>> Sent: Wednesday, July 31, 2002 7:40 AM
> >>> Subject: Re: (RADIATOR) PostAuthHook
> >>>
> >>> Hello -
> >>>
> >>> The PostAuthHook is a Realm (or Handler) parameter.
> >>>
> >>> 
> >>> 
> >>> .
> >>> 
> >>> PostAuthHook file:"%D/SetActive.txt"
> >>> 
> >>>
> >>> There are some example hooks in the file "goodies/hooks.txt" in the
> >>> distribution.
> >>>
> >>> regards
> >>>
> >>> Hugh
> >>>
> >>>
> >>> On Tuesday, July 30, 2002, at 11:41 PM, Radius Admin wrote:
> >>>
> >>> I am trying to implement a PostAuthHook.
> >>>  
> >>> I have added the following line in my configuration file
> >>>  
> >>> 
> >>>  
> >>> 
> >>>  
> >>> blah
> >>> blah
> >>>  
> >>> PostAuthHook file:"%D/SetActive.txt"
> >>> 
> >>> 
> >>>  
> >>> When I start Radiator I get the following error: ERR: Unknown keyword
> >>> 'PostAuthHook' in
> >>>  
> >>> I am not using Handler's as described in the hooks.txt file. Have I
> >>> defined it in the wrong place?
> >>>  
> >>> Thanks
> >>>  
> >>>
> >>> --
> >>> Radiator: the most portable, flexible and configurable RADIUS server
> >>> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> >>> Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc
> >>> on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X etc etc
> >>
> >> --
> >> Radiator: the most portable, flexible and configurable RADIUS server
> >> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> >> Platypus, Freeside, TACACS+, PAM, external, Active Directory etc etc
> >> on Unix, Win95/8, 2000, NT, MacOS 9, MacOS X etc etc
> >
> > /jeje

-- 
Mike McCauley   [EMAIL PROTECTED]
Open System Consultants Pty. Ltd   Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985   Fax   +61 3 9598-0955




(RADIATOR) PostAuthHook nightmares.

2002-11-25 Thread Mike McCauley


--  Forwarded Message  --

Subject: BOUNCE [EMAIL PROTECTED]:Non-member submission from [Steve 
Phillips <[EMAIL PROTECTED]>]
Date: Mon, 25 Nov 2002 14:26:01 -0600
From: [EMAIL PROTECTED]
To: [EMAIL PROTECTED]

Date: Tue, 26 Nov 2002 14:20:13 +1300
To: [EMAIL PROTECTED]
From: Steve Phillips <[EMAIL PROTECTED]>
Subject: PostAuthHook nightmares.

Hey all, I have the following script (included below) that I use to assign
an IP address based upon a user "Class"

NAS --- Radius Proxy --- Radius Auth

--- Auth File

Say a user logs in with "[EMAIL PROTECTED]" they will get authed out of a
file, the PostAuthHook looks at the "Class" attribute that is set in the
Auth File and performs a database lookup against that IP class pool,
allocates the user an IP, then updates the database tagging that IP against
this user.

This all seemed to work quite happily until I tried to do the same thing by
proxying across to a remote radius server (customer run so no control over
the attributes that are returned)

I added the ' AddToReplyIfNotExist Class = "fred.com" ' directive in the
AuthBy RADIUS clause, which appears to work quite happily, however, the
hook documentation seems to be rather lacking when it comes to discussing
radius proxy requests

Under the AuthBy FILE directive, the hook variables are set as such (for an
Access-Accept)

${$_[0]} is the current request
${$_[1]} is the reply packet -> nas
${$_[2]} is the auth result

The issue appears to be that the Auth Result for a file auth, and the Auth
Result for a radius proxy auth are not the same, in the file auth, we get a
$main::ACCEPT (${$_[2]} == 0) when the auth succeeds, with the radius
proxy, whether it is an Accept or a Reject we end up with a $main::IGNORE.

This obviously is an issue because it becomes difficult to allocate IP's
based upon an access accept, and not allocate when getting an access-reject.

Question is - what should I be testing against if it is not supposed to be
the Auth Result ? I need this to be able to work against both radius
authing and file authing, and what other gotcha's am I going to see later
on ? is there any fuller documentation than the goodies/hooks.txt list ?

Hope this makes some sense :-)

-- Script follows, I've since gone through and added much logging for debug
purposes --
-- The script is still in development obviously so please ignore any
discrepancies --

sub {

 use Mysql;

 my $dbuser  = 'someuser';
 my $dbpass  =
'thisisatopsecretdatabasepasswordthatwillneverappearonamailinglist';
 my $dbhost  = 'bigarse.database.server';

 my $dbh_ipalloc = undef;

 my $p   = ${$_[0]}; # Current Request
 my $rp  = ${$_[1]}; # reply packet to NAS
 my $ar  = ${$_[2]}; # Result of Auth
 my $rr  = ${$_[3]}; # Reject Reason

 # get the reply code from the proxy radius
 my $code = $p->code;

 # and a few other attributes
 my $class= $rp->get_attr('Class');
 my $type = $p->get_attr('Acct-Status-Type');
 my $actclass = $p->get_attr('Class');
 my $username = $p->get_attr('User-Name');

 &main::log($main::DEBUG, "ar= $ar");
 &main::log($main::DEBUG, "ACCEPT= $main::ACCEPT");
 &main::log($main::DEBUG, "REJECT= $main::REJECT");
 &main::log($main::DEBUG, "IGNORE= $main::IGNORE");
 &main::log($main::DEBUG, "code  = $code");
 &main::log($main::DEBUG, "Username  = $username");
 &main::log($main::DEBUG, "Type  = $type");
 &main::log($main::DEBUG, "Class = $class");
 &main::log($main::DEBUG, "AcctClass = $actclass");
 if (($ar == $main::ACCEPT) || ($ar == $main::IGNORE))
 {

 # delete any framed-ip or netmask
 $rp->delete_attr('Framed-IP-Address');
 $rp->delete_attr('Framed-IP-Netmask');

 my ($user, $realm) = split /@/, $username, 2;

 if (!$realm) { $realm = $class; }
 if (!$class) { $class = $realm; }

 $username = $user . '@' . $realm;

 my $table =  $class;
$table =~ s/\./_/g;

(RADIATOR) PostAuthHook Function

1999-09-21 Thread ext-aurelien . requiem

Hello

In my PostAuthHook function, I need to get the 
framed-ip-address that will be sent to the user.

The first line below works perfectly
my $username = $p->getAttrByNum($Radius::Radius::USER_NAME);
but the second doesn't want to work.
my $ipaddress = $p->getAttrByNum($Radius::Radius::FRAMED_IP_ADDRESS);

Note: 
$p = ${$_[0]}; # At the beginning of my PostAuthHook function

When I look at the debug file I can see
...
Code:   Access-Accept
Identifier: 250
Authentic:  1234567890123456
Attributes:
Framed-IP-Address = 10.1.0.16
Service-Type = Framed-User

So how can I get the IP address (10.1.0.16) in a PostAuthHook function?

Thanks a lot

===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.



Re: (RADIATOR) postauthhook

2000-04-17 Thread Hugh Irvine


Hello Brandon -

On Mon, 17 Apr 2000, Brandon wrote:
> 
> When doing a postauthhook, or reply handler hook... how do you get the username 
> before the "stripping" of the realm takes place.  Currently I am doing .
> 
>  my $username = $p->getUserName();
> 
> and it seems to be giving me the username after the rewrite takes place.
> 

To get the original username, do this:

my $username = $p->{OriginalUserName};

BTW - there are some example hooks in the patches area:

http://www.open.com.au/radiator/downloads/patches-2.15/hooks.txt

hth

Hugh

-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.



===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.



(RADIATOR) PostAuthHook question...

2000-12-06 Thread Mark O'Leary

Hi,

Is it possible for a PostAuthHook to identify which of multiple AuthBy 
methods in a realm have triggered it?

I have a ContinueWhileReject realm with Authbys of FILE, then LDAP, then 
RADIUS. What I'd like to do is have a postauthhook subroutine react only to 
successful LDAP authentications...

The hook itself writes the user details into the file consulted by the AuthBy 
File - i.e. it is effectively a cache of successful LDAP lookups. Obviously I 
don't want the hook triggered by a success against the initial cache file 
lookup (!), nor do I want successful proxy RADIUS authentications written to 
the cache.

Any hints/help? All I can think of at the moment is transferring the hook 
code directly into the LDAP module itself, which I'd rather not do since I'd 
like to be able to turn off the cacheing easily (i.e. by commenting out the 
postauthhook line of the cfg and restarting).

M.

--
Mark O'Leary, Manchester Computing, UK
PGP Key and Further Details: 
http://lucy.mcc.ac.uk/mark/mark.html




Re: (RADIATOR) PostAuthHook

2001-01-10 Thread Hugh Irvine


Hello Charles -

On Thursday 11 January 2001 12:15, Charles Sprickman wrote:
> Hi,
>
> I've got a stand-alone perl program that hits the RADONLINE db and makes
> entries in an access database for sendmail.  On its own, it works fine,
> but I'm trying to make it work as a subroutine called from a PostAuthHook
> in my Handler for IPass requests:
>
> [from radius.cfg...]
> AuthBy  Ipass_SQL
> AuthBy  Ipass_User
>
> # call an external program to open up mail relaying for
> # this user
> # PostAuthHook  file:"%D/write-access.pl"
> [...]
>
> I've been playing around with trying to get it to work, but I'm not
> totally familiar with the whole idea of subroutines and local vs. global
> variables.  At this time, I get the following error:
>
> Wed Jan 10 20:03:59 2001: NOTICE: SIGHUP received: restarting
> Wed Jan 10 20:03:59 2001: ERR: Compilation error in PostAuthHook(): Can't
> declare subroutine entry in my at (eval 535) line 46, at EOF
>
> I've changed all my variables to be in the format 'my $foo="bar";', but
> I'm having trouble with getting a while loop that goes through an array
> working (the log entry above always seems to be around the while loop).
>
> I'm also curious if there's a better way to be hitting the database since
> radiator already has a connection to it...
>
> I've included the whole mess below in hopes that someone can give me a
> hand with this.  Running standalone is an option as well, I guess, I'd
> just have to run this very frequently.
>
> Thanks,
>
> Charles
>
>
> # -*- mode: Perl -*-
> # PopAuth
> # don't really know what the above does...
>
> # CSS 01/10/01
>
> # small program to update a sendmail (or possibly other) access
> # list based on current logged in users outside of our normal
> # IP range.  Specifically, for IPass users.  This can be run
> # standalone out of cron or be called by a PostAuthHook in the
> # handler/realm used for IPass requests.
>
> # the m4 file used to tweak sendmail is here:
> # http://www.sendmail.org/~ca/email/rules/popauth.m4
> # It goes in the "hack" directory under sendmail's cf directory.
>
> sub
> {
>   # config options
>   my $dbhost = "localhost";
>   my $dbuser = "xxx";
>   my $dbpass = "xxx";
>   my $dbname = "radius";
>   my $dbtext = "/usr/local/etc/mail/popauth";
>   my $localips = "216.223.19";
>   my $makemap = "/usr/sbin/makemap";
>   my $dbtype = "hash";
>   my $dbfile = "/usr/local/etc/mail/popauth.db";
>
>   # needed for standalone operation...
>   #use DBI;
>
>   # connect to the db
>
>   my $dbhandle =
> DBI->connect("DBI:mysql:$dbname:$dbhost","$dbuser","$dbpass") or die
> $DBI::errstr;
>
>   # get file handle
>
>   open (POPAUTH, ">$dbtext") || die ("Can't open $dbtext for writing.\n");
>
>   # our query
>
>   my $dbquery = "select FRAMEDIPADDRESS from RADONLINE where
> (FRAMEDIPADDRESS NOT LIKE '$localips%' AND FRAMEDIPADDRESS IS NOT NULL)";
>
>   my $query = $dbhandle->prepare($dbquery);
>   $query->execute or die $DBI::errstr;
>
>   # this is where the complaints come from
>   while (@query_result = $query->fetchrow_array)
>   {
>   print POPAUTH "$query_result[0]\tOK\n";
>   print "$query_result[0]\tOK\n";
>   }
>
>   close POPAUTH;
>   my $dbhandle->disconnect;
>
>   my $rc = system ("$makemap $dbtype $dbfile < $dbtext");
>
>   if ($rc > 0)
>   {
>   print "Unable to execute command $makemap, exit code $rc\n";
>   }
>   return;
> }
>

Your problem is because you haven't declared that you are going to use an 
external subroutine.

It is much easier to pick up a reference to your AuthBy SQL clause and just 
use that for all database access.

my $authby = Radius::AuthGeneric::find('Ipass_SQL'); 
.

There are some examples of how to do this sort of thing in the Radiator 
2.17.1 distribution in the file "goodies/hooks.txt".

hth

Hugh


-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.




Re: (RADIATOR) PostAuthHook

2001-01-11 Thread Charles Sprickman

Hi all,

> Your problem is because you haven't declared that you are going to use an
> external subroutine.

Argh.  I'm not clear on that.  Where would I be declaring that?  I thought
just specifying "PostAuthHook" did that...

> It is much easier to pick up a reference to your AuthBy SQL clause and just
> use that for all database access.
>
>   my $authby = Radius::AuthGeneric::find('Ipass_SQL');
>   .

I don't need to touch any auth stuff, I just need to query the RADONLINE
db...  If you can show me how to open a handle to my existing sql
connection, that would probably fix me up.

> There are some examples of how to do this sort of thing in the Radiator
> 2.17.1 distribution in the file "goodies/hooks.txt".

Ah, I'm still on 2.16.1, and I see you've added some stuff to that file.
I still don't really get what's going on there, especially how to refer
back to variables declared in radiator and its modules.

Do you (or any list members) have any examples showing how to get a handle
on a sql connection?

Or is there an easy way to just make "PostAuthHook" call an external
program?

I think the rest of my code, if not great (or even good), will achieve my
desired goals...

The main reason I want to implement it in the PostAuthHook is so that I
can trigger my script on login/logout of IPass people (I've got them in a
separate handler).

Thanks,

Charles

> hth
>
> Hugh
>
>



Re: (RADIATOR) PostAuthHook

2001-01-11 Thread Hugh Irvine


Hello Charles -

On Friday 12 January 2001 09:40, Charles Sprickman wrote:
> Hi all,
>
> > Your problem is because you haven't declared that you are going to use an
> > external subroutine.
>
> Argh.  I'm not clear on that.  Where would I be declaring that?  I thought
> just specifying "PostAuthHook" did that...
>

The PostAuthHook parameter defines the hook and calls it from Radiator, what 
I was referring to was the routine that you are trying to call from the hook.

> > It is much easier to pick up a reference to your AuthBy SQL clause and
> > just use that for all database access.
> >
> > my $authby = Radius::AuthGeneric::find('Ipass_SQL');
> > .
>
> I don't need to touch any auth stuff, I just need to query the RADONLINE
> db...  If you can show me how to open a handle to my existing sql
> connection, that would probably fix me up.
>
> > There are some examples of how to do this sort of thing in the Radiator
> > 2.17.1 distribution in the file "goodies/hooks.txt".
>
> Ah, I'm still on 2.16.1, and I see you've added some stuff to that file.
> I still don't really get what's going on there, especially how to refer
> back to variables declared in radiator and its modules.
>
> Do you (or any list members) have any examples showing how to get a handle
> on a sql connection?
>
> Or is there an easy way to just make "PostAuthHook" call an external
> program?
>
> I think the rest of my code, if not great (or even good), will achieve my
> desired goals...
>
> The main reason I want to implement it in the PostAuthHook is so that I
> can trigger my script on login/logout of IPass people (I've got them in a
> separate handler).
>

To get a handle to your session database you would do something similar to 
the above (I didn't understand what you required the first time):

my $sessdb = Radius::SessGeneric::find('Ipass_SQL');

Then you can use $sessdb to call any routines in SessSQL.pm and any routines 
that SessSQL.pm inherits from (including DBD/DBI).

hth

Hugh

ps - in your previous mail you asked this:

# -*- mode: Perl -*-
# PopAuth
# don't really know what the above does...

The first line is an emacs tag that tells emacs to use "mode: Perl" for 
editing this file.


-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.




(RADIATOR) PostAuthHook Successes?

1999-03-12 Thread Remi Godin

Hi

I'm trying to use PostAuthHook and having no success in adding or deleting
attributes from the reply packet.
Can someone send me an example or two.

Thanks.
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
Remi Godin             Escape Communications Corp.
Jr. Systems Support    665 Stafford Street
                       Winnipeg, MB   R3M 2X7

[EMAIL PROTECTED]      Tel: 1-877-372-2730
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=





(RADIATOR) PostAuthHook Problem

1999-04-19 Thread Marc Liyanage



Hi,

I'm having trouble with the PostAuthHook Realm/Handler parameter.


My Hook basically looks like this (stripped down to the essentials):

PostAuthHook sub {\
  \
my ($request, $reply, $auth_result) = @_; \
  \
&Radius::Log::log($main::LOG_NOTICE, "$request - $reply - $auth_result");\
  \
$reply->add_attr('Service-Type', 'Framed-User');  \
  \
}


The documentation says that the first and second arguments to the subroutine
are references to the request and reply and the third argument is the
result of the Auth phase.


Therefore the add_attr() call should work, but it causes the following error:

Mon Apr 19 21:25:08 1999: ERR: Error in PostAuthHook(): Can't call method "add_attr" 
on unblessed reference at (eval 49) line 1.



It seems that in reality the arguments are something else, as the notice
messages from the log() call in the above handler in my logfile suggest:

Mon Apr 19 21:25:08 1999: NOTICE: SCALAR(0x858dfc8) - SCALAR(0x84aefcc) - 
SCALAR(0x85a71ec)

Shouldn't this read something like 

Radius::AttrVal=HASH(0x80c24a4) - Radius::AttrVal=HASH(0x80c24a4) - 1




Anyone got any ideas?


Thanks

-Marc Liyanage





--
_
Marc Liyanage[EMAIL PROTECTED]
  http://www.access.ch/ml

  Failure to prepare is preparing to fail
_




(RADIATOR) Radiator PostAuthHook

1999-06-16 Thread Anonymous


  Trying to use the PostAuthHook function to have Radiator generate some
custom logs to give details of all attempted logins. Current PostAuthHook
shown below;

PostAuthHook sub {  my $filename = "/usr/local/radius/logs/testlog"; \

my $time = time; \
my $ctime = localtime($time); \
my $nas_ip = $_[0]->get_attr('NAS-IP-Address'); \
my $phone = $_[0]->get_attr('Called-Station-Id'); \
my $user = $_[0]->get_attr('User-Name'); \
my $r = "NULL"; \
$nas_ip = "POP3 mail" \
if $nas_ip eq "196.14.80.129";\
$r = "DENY" \
if $_[2] == $main::REJECT; \
$r = "ACCEPT" \
if $_[2] == $main::ACCEPT;\
open(LOG, ">>$filename");\
print LOG "$ctime: UserName \"$user\": Dialed $phone
- $nas_ip - $r\n";  \
close(LOG); }

No compilation errors are reported, however when a request is processed the
log file reports the following error message;

Thu Jun  3 10:30:56 1999: ERR: Error in PostAuthHook(): Can't call method
"get_attr" on unblessed reference at (eval 189) line 1.

Radiator version - 2.13.1
Patched - patches-2.13.1.tar.gz - June 3 1999
Any suggestions on how to overcome this would be greatly appreciated..

Regards

Ian Hughes

+--+
  Ian Hughes - Tech Support/System Admin.
  Hunterlink Pty. Ltd. (Australia)
  1st Floor, 805 Hunter Street
  Dangar, NSW, 2309 Australia
  Phone: +61 2 4969 0122  Fax: +61 2 4969 0133
  E-Mail: [EMAIL PROTECTED]
+--+
  If things get any worse, I'll have to ask you to stop helping me.
+--+



===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
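
Added example, not code from either poster or from Radiator: the "unblessed reference" errors in the two posts above, and the SCALAR(0x...) values in the first poster's log line, are what Perl reports when each hook argument is a reference to the variable holding the object rather than the object itself, which is how the other hooks on this page treat them (`${$_[0]}`). `MockPacket`, `run_hook` and the numeric result codes are stand-ins constructed for this demo so that it runs without Radiator.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Stand-in for a Radiator packet object (constructed for this demo; only the
# two methods the hooks on this page call are modelled).
{
    package MockPacket;
    sub new      { my ($class, %attrs) = @_; return bless { attrs => { %attrs } }, $class }
    sub get_attr { my ($self, $name) = @_; return $self->{attrs}{$name} }
    sub add_attr { my ($self, $name, $value) = @_; $self->{attrs}{$name} = $value; return }
}

# Result codes constructed for the demo; inside Radiator a hook compares
# against $main::ACCEPT and $main::REJECT instead.
my ($ACCEPT, $REJECT) = (0, 1);

# Form used in the two posts: @_ is treated as the objects themselves.
my $direct_hook = sub {
    my ($request, $reply, $result) = @_;
    $reply->add_attr('Service-Type', 'Framed-User');
    return;
};

# Form used by the other hooks on this page: dereference each argument first.
my $deref_hook = sub {
    my $request = ${ $_[0] };
    my $reply   = ${ $_[1] };
    my $result  = ${ $_[2] };
    return unless $result == $ACCEPT;    # leave rejected requests untouched
    $reply->add_attr('Service-Type', 'Framed-User');
    return;
};

# Call a hook with references to the caller's variables and report
# (error text, Service-Type found in the reply afterwards).
sub run_hook {
    my ($hook, $result) = @_;
    my $request = MockPacket->new('User-Name' => 'alice');    # constructed sample
    my $reply   = MockPacket->new();
    my $ok      = eval { $hook->(\$request, \$reply, \$result); 1 };
    my $error   = $ok ? '' : $@;
    $error =~ s/ at \S+ line \d+\.\s*\z//;    # trim file and line for display
    return ($error, $reply->get_attr('Service-Type'));
}

for my $case (
    [ 'direct, ACCEPT', $direct_hook, $ACCEPT ],
    [ 'deref,  ACCEPT', $deref_hook,  $ACCEPT ],
    [ 'deref,  REJECT', $deref_hook,  $REJECT ],
) {
    my ($label, $hook, $result) = @$case;
    my ($error, $service_type) = run_hook($hook, $result);
    printf "%-15s error=%s  Service-Type=%s\n",
        $label,
        $error ? "\"$error\"" : 'none',
        defined $service_type ? $service_type : '(not set)';
}
```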



(RADIATOR) PostAuthHook (Sockets creation)

2003-10-03 Thread Benny Chee
hi,

I'm writing a sub-routine in PostAuthHook which will send a string to a server 
once the user is authenticated. I wrote a client socket program and it was running fine 
till I'm getting 100 req/sec, and I got lots of re-transmissions.

I found out that it's the sub-routine that's causing the problem as it is 
opening too many sockets and wasn't able to close in time and my box just ran out of 
buffer.

Any solution on this?

Possible to create an AuthBy module that will create a client connection to the 
server and just send the data through PostAuthHook?

benny
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
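
Added example, not the poster's code and not part of Radiator: one way to avoid opening a socket per request is to keep a single connection in a variable that outlives each call and reconnect only when a write fails. `send_event`, `connects_made` and the loopback listener standing in for the remote server are hypothetical names constructed for this demo; how the handle is kept alive between hook calls in a particular Radiator configuration is not shown.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use IO::Socket::INET;

# One connection kept open between calls instead of one socket per request.
{
    my $sock;            # outlives a single call
    my $connects = 0;    # how many sockets were actually opened

    # Send one line to the server; reconnect once if the write fails.
    # Returns 1 on success, 0 if the line could not be handed to the socket.
    sub send_event {
        my ($host, $port, $line) = @_;
        local $SIG{PIPE} = 'IGNORE';    # a dead peer must not kill the caller
        for my $attempt (1 .. 2) {
            if (!$sock) {
                $sock = IO::Socket::INET->new(
                    PeerAddr => $host,
                    PeerPort => $port,
                    Proto    => 'tcp',
                    Timeout  => 2,      # bound the time a call can block
                ) or return 0;
                $sock->autoflush(1);
                $connects++;
            }
            return 1 if print {$sock} "$line\n";
            close $sock;                # write failed: drop it and retry once
            undef $sock;
        }
        return 0;
    }

    sub connects_made { return $connects }
}

# Constructed demo: a listener on an ephemeral loopback port plays the server.
my $listener = IO::Socket::INET->new(
    LocalAddr => '127.0.0.1',
    LocalPort => 0,
    Proto     => 'tcp',
    Listen    => 5,
) or die "listen failed: $!";
my $port = $listener->sockport;

for my $user (qw(alice bob carol)) {
    send_event('127.0.0.1', $port, "accept user=$user") or die "send failed";
}

my $peer = $listener->accept or die "accept failed: $!";
my @lines = map { scalar <$peer> } 1 .. 3;
chomp @lines;
print "received: $_\n" for @lines;
print "sockets opened for 3 events: ", connects_made(), "\n";
```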


Re: (RADIATOR) PostAuthHook question.

2001-06-22 Thread Hugh Irvine


Hello Griff -

At 9:33 AM -0700 6/21/01, Griff Hamlin wrote:
>Hello,
>
>I'm in need of adding specific attributes to the reply packets for one
>of the routers I have to authenticate (out of hundreds). Since I only
>have need for one handler and we don't use realms, I figure the best
>thing to do would be to have a little PostAuthHook that tested my
>request for the right IP address and if it passes, add the appropriate
>attributes to the reply packet. I used to have a problem with
>NAS-IP-Address fields not matching the actual IP address of the router
>sending the packet, so now I have an 'identifier' in every client block
>with the IP address that I want to be associated with each router (its
>actual IP address.) That 'identifier' is used in my AuthBy module that I
>wrote to test various things about each router (allowing certain
>customers access only on certain routers, etc.)
>
>When I put in the following PostAuthHook, it won't compile, and quite
>honestly I'm not sure if I've done this right. Any help would be
>appreciated. I tried to steal this straight out of the manual, so I'm a
>little surprised at the error I get.
>
>
>   RewriteUsername s/^([^@]+).*/$1/
>   
> AuthByPolicy ContinueUntilAccept
> 
>   # authorize by the module AuthQuikRadAcct.pm
> 
> 
># Fork
>   # authorize by the module AuthQuikRad.pm
> 
>   
>
>   # Handle the  Router 65.89.75.8
>   PostAuthHook sub { if ${$_[2]} eq $main::ACCEPT && \
>  ${$_[0]}->{Client}->{Identifier} eq "65.89.75.8" { \
> ${$_[1]}->add_attr('Ascend-Data-Filter','ip in forward tcp
>est'); \
> ${$_[1]}->add_attr('Ascend-Data-Filter','ip in forward dstip
>216.176.28.1/32'); \
> ${$_[1]}->add_attr('Ascend-Data-Filter','ip in drop tcp
>dstport=25'); \
> ${$_[1]}->add_attr('Ascend-Data-Filter','ip in forward'); \
> ${$_[1]}->change_attr('Service-Type','Framed'); \
>} \
> }
>   # Log accounting to the detail file in LogDir/
>   AcctLogFileName  %L/%c/detail
># MaxSessions 1
>
>
>The error in the log file is:
>
>Thu Jun 21 10:10:35 2001: ERR: Compilation error in PostAuthHook: syntax
>error at (eval 77) line 1, near "if $"
>syntax error at (eval 77) line 2, at EOF
>Missing right bracket at (eval 77) line 2, at end of line
>
>Thu Jun 21 10:10:35 2001: ERR: Unknown keyword
>'${$_[1]}->add_attr('Ascend-Data-Filter','ip' in /etc/radius.cfg line
>109
>
>
>It appears to be failing right away at my conditional. Are conditionals
>unacceptable?

Conditionals are certainly acceptable, however I strongly encourage 
you to put your hook(s) in external files and edit them with a normal 
editor.

I suggest you start with one of the examples that are in the file 
called "goodies/hooks.txt" in the distribution.

I also suggest that you use some sort of symbolic string in your 
Client Identifiers instead of IP addresses, as this will make changes 
and so on *much* easier to deal with.

hth

Hugh

-- 

NB: I am travelling this week, so there may be delays in our correspondence.

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.



(RADIATOR) PostAuthHook Stopped Working

2001-09-04 Thread Separovic, Jason

Hi,

I had radiator working with my PostAuthHook just how I wanted.
Then I made some changes to the PostAuthHook. All I did (I think?) was
create a new user in my database and then I updated the new
username/password in the config files. Now My PostAuthHook does not work.
And I'm at a loss to realise why??

Here is an Accounting Request that should be inserted into my database
through the PostAuthHook.
But now the Hook is not even being called. I'm pretty confident in saying
that because I added a 'write to file' at the beginning of the hook to test
it. But to no success.

I noticed some talk about a patch for the PostAuthHook but I'm not sure if I
need it.
Weird.
It was working...
Now it's not.

Help!

I'm using Radiator 2.17.1

I have another problem too. My auth log is logging successes but not
failures.




Wed Sep  5 10:47:43 2001: DEBUG: Packet dump:
*** Received from 192.168.0.9 port 1445 
Code:   Accounting-Request
Identifier: 60
Authentic:  <180><189>mBY<157><156>X<152><14><7><180><150><1>@<174>
Attributes:
Acct-Status-Type = Accounting-On
Acct-Session-Id = "0"
Acct-Authentic = RADIUS
Acct-Authentic = RADIUS
User-Name = "ewong"
Command-Code = "Command-Code (level: 10): system show ac"
NAS-IP-Address = 192.168.0.9

Wed Sep  5 10:47:43 2001: DEBUG: Check if Handler Realm=SSR should be used to handle this request
Wed Sep  5 10:47:43 2001: DEBUG: Handling request with Handler 'Realm=SSR'
Wed Sep  5 10:47:43 2001: DEBUG:  Deleting all sessions for 192.168.0.9
Wed Sep  5 10:47:43 2001: DEBUG:  got On/Off from 192.168.0.9
Wed Sep  5 10:47:43 2001: DEBUG: Handling with Radius::AuthSQL
Wed Sep  5 10:47:43 2001: DEBUG: Handling accounting with Radius::AuthSQL
Wed Sep  5 10:47:43 2001: DEBUG: Accounting accepted
Wed Sep  5 10:47:43 2001: DEBUG: Packet dump:
*** Sending to 192.168.0.9 port 1445 
Code:   Accounting-Response
Identifier: 60
Authentic:  <180><189>mBY<157><156>X<152><14><7><180><150><1>@<174>
Attributes:




# radius configuration file

Foreground  yes
LogStdout   no
Trace   4
LogDir  /opt/radiator/log
DbDir   /usr/local/mysql/var/radiusdb
DictionaryFile  /opt/radiator/dictionary
AuthPort 1812
AcctPort 1813
BindAddress 192.168.0.10


DBSource dbi:mysql:radiusdb
DBUsername  radiator
DBAuth  password

GetClientQuery select ip,secret,NULL,NULL,realm from device,model where modelID=model.ID;



PreAuthHook file:"/opt/radiator/PreAuthHook"
PostAuthHook file:"/opt/radiator/SSRAccounting"

DBSource dbi:mysql:radiusdb
DBUsername  radiator
DBAuth  password

Table authorisation
LogSuccess 1
LogFailure 1
SuccessQuery insert into authorisation(date,username,deviceIP,status) values('%Y-%m-%d %H:%M:%S','%U','%N',1)
FailureQuery insert into authorisation(date,username,deviceIP,status) values('%Y-%m-%d %H:%M:%S','%U','%N',0)


DBSource dbi:mysql:radiusdb
DBUsername  radiator
DBAuth  password

RejectEmptyPassword

AuthSelect select password from user where username='%U'
AuthColumnDef 0, Password, check




PreAuthHook file:"/opt/radiator/PreAuthHook"

DBSource dbi:mysql:radiusdb
DBUsername  radiator
DBAuth  password

Table authorisation
LogSuccess 1
LogFailure 1
SuccessQuery insert into authorisation(date,username,deviceIP,status) values('%Y-%m-%d %H:%M:%S','%U','%N',1)
FailureQuery insert into authorisation(date,username,deviceIP,status) values('%Y-%m-%d %H:%M:%S','%U','%N',0)


DBSource dbi:mysql:radiusdb
DBUsername  radiator
DBAuth  password

RejectEmptyPassword

AuthSelect select password from user where username='%U'
AuthColumnDef 0, Password, check




PostAuthHook file:"/opt/radiator/SSRAccounting"




PostAuthHook - not being called anymore

use DBI;
use DBD::mysql;

sub {
   open(FILE, ">/opt/radiator/testacc");
   flock(FILE,2);
   print FILE "Hook is being called";
   flock(FILE,8);
   close(FILE);

   my $host = "localhost";
   my $dbname = "radiusdb";
   my $dbpasswd = "password";
   my $dbuser = "radiator";
   my $data_source = "DBI:mysql:database=$dbname;host=$host";
   my $dbh  = DBI->connect($data_source, $dbuser, $dbpasswd);
   my $request  = ${$_[0]};
   my $request_code = $request->code;
   my $request_id   = $request->identifier;

   my $reply= ${$_[1]};
   my $reply_code   = $reply->code;
   my $reply_id = $reply->i

Re: (RADIATOR) PostAuthHook nightmares.

2002-11-25 Thread Hugh Irvine

Hello Steve -

There are some example hooks including a ReplyHook that does pretty 
much what you require in the file "goodies/hooks.txt".

If you have any further questions, please let me know.

regards

Hugh



Hey all, I have the following script (included below) that I use to assign
an IP address based upon a user "Class"

NAS --- Radius Proxy --- Radius Auth

--- Auth File

Say a user logs in with "[EMAIL PROTECTED]" they will get authed out of a
file, the PostAuthHook looks at the "Class" attribute that is set in the
Auth File and performs a database lookup against that IP class pool,
allocates the user an IP, then updates the database tagging that IP against
this user.

This all seemed to work quite happily until I tried to do the same thing by
proxying across to a remote radius server (customer run so no control over
the attributes that are returned)

I added the ' AddToReplyIfNotExist Class = "fred.com" ' directive in the
AuthBy RADIUS clause, which appears to work quite happily, however, the
hook documentation seems to be rather lacking when it comes to discussing
radius proxy requests

Under the AuthBy FILE directive, the hook variables are set as such (for an
Access-Accept)

${$_[0]} is the current request
${$_[1]} is the reply packet -> nas
${$_[2]} is the auth result

The issue appears to be that the Auth Result for a file auth, and the Auth
Result for a radius proxy auth are not the same, in the file auth, we get a
$main::ACCEPT (${$_[2]} == 0) when the auth succeeds, with the radius
proxy, whether it is an Accept or a Reject we end up with a $main::IGNORE.

This obviously is an issue because it becomes difficult to allocate IP's
based upon an access accept, and not allocate when getting an access-reject.

Question is - what should I be testing against if it is not supposed to be
the Auth Result ? I need this to be able to work against both radius
authing and file authing, and what other gotcha's am I going to see later
on ? is there any fuller documentation than the goodies/hooks.txt list ?

Hope this makes some sense :-)

-- Script follows, I've since gone through and added much logging for debug
purposes --
-- The script is still in development obviously so please ignore any
discrepancies --

sub {

 use Mysql;

 my $dbuser  = 'someuser';
 my $dbpass  =
'thisisatopsecretdatabasepasswordthatwillneverappearonamailinglist';
 my $dbhost  = 'bigarse.database.server';

 my $dbh_ipalloc = undef;

 my $p   = ${$_[0]}; # Current Request
 my $rp  = ${$_[1]}; # reply packet to NAS
 my $ar  = ${$_[2]}; # Result of Auth
 my $rr  = ${$_[3]}; # Reject Reason

 # get the reply code from the proxy radius
 my $code = $p->code;

 # and a few other attributes
 my $class= $rp->get_attr('Class');
 my $type = $p->get_attr('Acct-Status-Type');
 my $actclass = $p->get_attr('Class');
 my $username = $p->get_attr('User-Name');

 &main::log($main::DEBUG, "ar= $ar");
 &main::log($main::DEBUG, "ACCEPT= $main::ACCEPT");
 &main::log($main::DEBUG, "REJECT= $main::REJECT");
 &main::log($main::DEBUG, "IGNORE= $main::IGNORE");
 &main::log($main::DEBUG, "code  = $code");
 &main::log($main::DEBUG, "Username  = $username");
 &main::log($main::DEBUG, "Type  = $type");
 &main::log($main::DEBUG, "Class = $class");
 &main::log($main::DEBUG, "AcctClass = $actclass");
 if (($ar == $main::ACCEPT) || ($ar == $main::IGNORE))
 {

 # delete any framed-ip or netmask
 $rp->delete_attr('Framed-IP-Address');
 $rp->delete_attr('Framed-IP-Netmask');

 my ($user, $realm) = split /@/, $username, 2;

 if (!$realm) { $realm = $class; }
 if (!$class) { $class = $realm; }

 $username = $user . '@' . $realm;

 my $table =  $class;
$table =~ s/\./_/g;
$table = 'tb_ipAlloc_' . $table;

 &main::log($main::DEBUG, "Table used : $table");
 &main::log($main::DEBUG, "UserName   : $username");

 # open a database connection
 if ($dbh_ipalloc = Mysql->connect($dbhost, undef, $dbuser, $dbpass)) {
 $dbh_ipalloc->selectdb('data');
 } else {
 &HandleError ("connect failed");
 }

 # construct the SQL query to get the IP address

 my $SQL = "SELECT ip FROM $table WHERE name = '$username'";
 &main::log($main::DEBUG, "SQL: $SQL");

 my $sth = $dbh_ipalloc->query($SQL);
 my $totalRows = $sth->numrows;

 &main::log($ma
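
Added example, not part of the quoted script: the SELECT above is built by concatenation from the User-Name in the request and a table name derived from Class or the realm, both of which can come from the client or from a proxy the operator does not control. The version below binds the user name as a placeholder and admits the table name only from an allowlist; it assumes DBI (as used by other scripts on this page) rather than the Mysql module in the post, and `pool_table`, `ip_lookup` and `%KNOWN_POOLS` are hypothetical names with constructed sample values.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Pools that really exist as tb_ipAlloc_* tables (constructed sample list).
my %KNOWN_POOLS = map { $_ => 1 } qw(fred.com example.net);

# Map a Class/realm value to its table name, or return nothing if it is not a
# configured pool. A table name cannot be bound as a placeholder, so it has to
# be checked against an allowlist before it goes into the SQL text. The shape
# check also keeps a mistyped allowlist entry out of the statement.
sub pool_table {
    my ($class) = @_;
    return unless defined $class;
    return unless $class =~ /\A[A-Za-z0-9]+(?:\.[A-Za-z0-9]+)*\z/;
    return unless $KNOWN_POOLS{$class};
    (my $suffix = $class) =~ s/\./_/g;
    return "tb_ipAlloc_$suffix";
}

# Build the lookup as SQL text plus bind values, following the post's
# defaulting rules (missing realm taken from Class, missing Class from realm).
# Returns an empty list when the request should not reach the database.
sub ip_lookup {
    my ($username, $class) = @_;
    return unless defined $username && length $username;
    my ($user, $realm) = split /@/, $username, 2;
    return unless defined $user && length $user;
    $realm = $class unless defined $realm && length $realm;
    $class = $realm unless defined $class && length $class;
    my $table = pool_table($class) or return;
    return ("SELECT ip FROM $table WHERE name = ?", "$user\@$realm");
}

# Constructed sample requests: [ User-Name, Class from the reply ].
for my $case (
    [ 'bob@fred.com',          undef ],
    [ 'bob',                   'fred.com' ],
    [ "o'brien\@fred.com",     'fred.com' ],      # quote stays in the bind value
    [ 'bob@unknown.example',   undef ],           # realm is not a configured pool
    [ 'bob',                   'fred.com x' ],    # Class with unexpected characters
) {
    my ($username, $class) = @$case;
    my ($sql, @bind) = ip_lookup($username, $class);
    printf "%-22s class=%-11s => %s\n",
        $username,
        defined $class ? $class : '(none)',
        defined $sql ? "$sql  [bind: @bind]" : 'refused';
    # With a DBI handle: my ($ip) = $dbh->selectrow_array($sql, undef, @bind);
}
```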

Re: (RADIATOR) PostAuthHook nightmares.

2002-11-25 Thread Steve Phillips
At 16:02 26/11/2002, Hugh Irvine wrote:


Hello Steve -

There are some example hooks including a ReplyHook that does pretty much 
what you require in the file "goodies/hooks.txt".

If you have any further questions, please let me know.

Found that after I posted the message :-) I am now busy LARTing myself 
and rewriting my script - It appears however that I will still need two 
separate instances of the script, one to handle Local Authing by AuthBy 
FILE and one to handle AuthBy RADIUS, would that be right ?

Also, is there a way, when changing the reply code to an Access-Reject, to 
insert your own Reply-Message to something other than "Request Denied" ? it 
appears that $rp->change_attr and $rp->delete_attr('Reply-Message'); simply 
add another Reply-Message Attribute and don't actually delete the "Request 
Denied" reply.

Also :-)

When changing the message code to an Access-Reject, is there a way to 
delete all the current attributes in the reply packet as these are still 
sending back information such as "Framed-MTU" etc etc (this is mostly 
cosmetic I guess as it does not appear to actually break anything)

Thanks,

--
Steve.




Re: (RADIATOR) PostAuthHook nightmares.

2002-11-25 Thread Hugh Irvine

Hello Steve -

I am not sure I understand your question regarding two instances of the 
hook.

The usual case is to separate the processing for the two cases using 
either Realms or (more generally) Handlers.

And with an AuthBy FILE as you describe, you don't usually need a hook 
at all - you just need to define your address pools to use whatever 
comes back from the database lookup, and use an AuthByPolicy 
ContinueWhileAccept to control the two AuthBy clauses.

In the case of the AuthBy RADIUS clause, you need a ReplyHook because 
the reply comes back asynchronously from the proxy.

And yes you can add your own Reply-Message - just call 
"delete_attr()" first before adding your new one.

You are correct in pointing out that reply attributes in an 
Access-Reject don't usually cause problems. However you might want to 
look at using "AllowInReply" in your AuthBy RADIUS clause to limit the 
reply attributes that you will accept from a proxy. Then if you want to 
delete even those, you can use the reference to "AllowInReply" when you 
call "delete_attr".

regards

Hugh


On Tuesday, Nov 26, 2002, at 14:32 Australia/Melbourne, Steve Phillips 
wrote:

At 16:02 26/11/2002, Hugh Irvine wrote:


Hello Steve -

There are some example hooks including a ReplyHook that does pretty 
much what you require in the file "goodies/hooks.txt".

If you have any further questions, please let me know.

Found that after I posted the message :-) I am now busy LARTing 
myself and rewriting my script - It appears however that I will still 
need two separate instances of the script, one to handle Local Authing 
by AuthBy FILE and one to handle AuthBy RADIUS, would that be right ?

Also, is there a way, when changing the reply code to an 
Access-Reject, to insert your own Reply-Message to something other 
than "Request Denied"? It appears that $rp->change_attr and 
$rp->delete_attr('Reply-Message'); simply add another Reply-Message 
Attribute and don't actually delete the "Request Denied" reply.

Also :-)

When changing the message code to an Access-Reject, is there a way to 
delete all the current attributes in the reply packet as these are 
still sending back information such as "Framed-MTU" etc etc (this is 
mostly cosmetic I guess as it does not appear to actually break 
anything)

Thanks,

--
Steve.





--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.




Re: (RADIATOR) PostAuthHook Function

1999-09-21 Thread Hugh Irvine


Hello Requiem -

On Wed, 22 Sep 1999, [EMAIL PROTECTED] wrote:
> Hello
> 
> In my PostAuthHook function, i need to get the 
> framed-ip-address that will be sent to the user.
> 
> The first line below works perfectly
> my $username = $p->getAttrByNum($Radius::Radius::USER_NAME);
> but the second doesn't want to work.
> my $ipaddress = $p->getAttrByNum($Radius::Radius::FRAMED_IP_ADDRESS);
> 
> Note: 
> $p = ${$_[0]}; # At the beginning of my PostAuthHook function
> 
> When i look the debug file i can see
> ...
> CCode:   Access-Accept
> Identifier: 250
> Authentic:  1234567890123456
> Attributes:
> Framed-IP-Address = 10.1.0.16
> Service-Type = Framed-User
> 
> So How can i Get the ip address (10.1.0.16) in a PostAuthHook Function ?
> 

Please have a look at Sections 6.13.10 and 6.13.11 in the Radiator 2.14.1
reference manual:


6.13.10 PreAuthHook

This optional parameter allows you to define a Perl function that will be called
during packet processing. PreAuthHook is called for each request after per-Realm
username rewriting and before it is passed to any AuthBy clauses. A reference
to the current request is passed as the first argument, and a reference to the
reply packet currently being constructed is passed as the second argument.

The hook code is compiled by Perl when Radiator starts up. Compilation errors in
your hook code will be reported to the log file at start-up time. Runtime errors
in your hook will also be reported to the log file when your hook executes.
Multiline hooks (i.e. with trailing backslashes (\)) are parsed by Radiator into
one long line. Therefore you should not use trailing comments in your hook.

PreAuthHook can be an arbitrarily complicated Perl function, that might run
external processes, consult databases, change the contents of the current
request or many other things.


# Fake a new attribute into the request
PreAuthHook sub { ${$_[0]}->add_attr('test-attr', \
'test-value');}


6.13.11 PostAuthHook

This optional parameter allows you to define a Perl function that will be called
during packet processing. PostAuthHook is called for each request after it has
been passed to all the AuthBy clauses. A reference to the current request is
passed as the first argument, and a reference to the reply packet currently
being constructed is passed as the second argument. The third argument is the
result of the authentication ($main::ACCEPT, $main::REJECT etc.).

The hook code is compiled by Perl when Radiator starts up. Compilation errors in
your hook code will be reported to the log file at start-up time. Runtime
errors in your hook will also be reported to the log file when your hook
executes. Multiline hooks (i.e. with trailing backslashes (\)) are parsed by
Radiator into one long line. Therefore you should not use trailing comments in
your hook.

PostAuthHook can be an arbitrarily complicated Perl function, that might run
external processes, consult databases, change the contents of the current
request or many other things.


# Add some reply attributes to the reply message
# if it is a REJECT and there is 1 or fewer there already

PostAuthHook sub { ${$_[1]}->add_attr('test-attr', \
'test-value') \
if ${$_[2]} == $main::REJECT \
&& ${$_[1]}->attr_count() <= 1; }


Notice that the information you are looking for is in the reply packet (as seen
from the debug output). Therefore you need to use ${$_[1]} to reference the
second parameter passed to the hook (the reply packet).

hth

Hugh


--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody

===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.



Re: (RADIATOR) PostAuthHook question...

2000-12-06 Thread Hugh Irvine


Hello Mark -

At 15:42 + 6/12/00, Mark O'Leary wrote:
>Hi,
>
>Is it possible for a PostAuthHook to identify which of multiple AuthBy
>methods in a realm have triggered it?


Actually, the PostAuthHook fires after *all* of the AuthBy clauses 
have been executed, so no there is no easy way to do what you 
describe.


>I have a ContinueWhileReject realm with Authbys of FILE, then LDAP, then
>RADIUS. What I'd like to do is have a postauthhook subroutine react only to
>successful LDAP authentications...
>
>The hook itself writes the user details into the file consulted by the AuthBy
>File - i.e. it is effectively a cache of successful LDAP lookups. Obviously I
>don't want the hook triggered by a success against the initial cache file
>lookup (!), nor do I want successful proxy RADIUS authentications written to
>the cache.
>
>Any hints/help? All I can think of at the moment is transferring the hook
>code directly into the LDAP module itself, which I'd rather not do since I'd
>like to be able to turn off the cacheing easily (i.e. by commenting out the
>postauthhook line of the cfg and restarting).
>

I think your last idea is the best - roll some code into the LDAP 
module. However, I would use as an example the code that is in the 
new version of the AuthRADIUS.pm module for caching radius replies. 
Then I would set up a USR1HOOK and a USR2HOOK to change the caching 
on the fly.

Download Radiator 2.17.1 which is where you will find all the code 
and the new hook support.

regards

Hugh
-- 

NB: I am travelling this week, so there may be delays in our correspondence.

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.

===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.



RE: (RADIATOR) PostAuthHook Successes?

1999-03-12 Thread Arturo Pina

Hi there,
I posted a message with this same problem to the list less than a week
ago. Nobody answered.
We really broke our head trying to do this but it was impossible.
Honestly, I think that nobody has tried it yet. Perhaps some day Mike
will come back...

On 12-Mar-99 Remi Godin wrote:
> Hi
> 
> I'm trying to use PostAuthHook and having no success in adding or
> deleting
> attributes from the reply packet.
> Can someone send me an example or two.
> 
> Thanks.
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> -=
> Remi Godin Escape Communications Corp. 
> Jr. Systems Support665 Stafford Street 
>   Winnipeg, MB   R3M 2X7   
>
> [EMAIL PROTECTED]   Tel: 1-877-372-2730 
> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
> -=
> 
> 

- ---
Arturo Pina - [EMAIL PROTECTED]
CTV Internet [http://www.ctv.es/]
+34 902 444557





Re: (RADIATOR) PostAuthHook Successes?

1999-03-12 Thread Remi Godin

HI

There is a patch for the Handler.pm which helped. However I'm still having
problems. But at least now it is executing the perl code.
-Original Message-
From: Arturo Pina <[EMAIL PROTECTED]>
To: Remi Godin <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Friday, March 12, 1999 11:21 AM
Subject: RE: (RADIATOR) PostAuthHook Successes?


>Hi there,
>I posted a message with this same problem to the list less than a week
>ago. Nobody answered.
>We really broke our head trying to do this but it was impossible.
>Honestly, I think that nobody has tried it yet. Perhaps some day Mike
>will come back...
>
>On 12-Mar-99 Remi Godin wrote:
>> Hi
>>
>> I'm trying to use PostAuthHook and having no success in adding or
>> deleting
>> attributes from the reply packet.
>> Can someone send me an example or two.
>>
>> Thanks.
>> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
>> -=
>> Remi Godin Escape Communications Corp.
>> Jr. Systems Support665 Stafford Street
>>   Winnipeg, MB   R3M 2X7
>>
>> [EMAIL PROTECTED]   Tel: 1-877-372-2730
>> =-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
>> -=
>>
>>
>
>- ---
>Arturo Pina - [EMAIL PROTECTED]
>CTV Internet [http://www.ctv.es/]
>+34 902 444557
>
>





Re: (RADIATOR) PostAuthHook Successes?

1999-03-12 Thread Lars Marowsky-Bree

On 1999-03-12T11:47:37,
   "Remi Godin" <[EMAIL PROTECTED]> said:

> There is a patch for the Handler.pm which helped. However I'm still having
> problems. But at least now it is executing the perl code.

Which patch, what should your code do, what does it do, how does it fail, what
does your code look like?

Sincerely,
Lars Marowsky-Brée

--
Lars Marowsky-Brée
Network Management

teuto.net Netzdienste GmbH - DPN Verbund-Partner




Re: (RADIATOR) PostAuthHook Problem

1999-04-19 Thread Mike McCauley

Hi Marc,

On Apr 19,  9:44pm, Marc Liyanage wrote:
> Subject: (RADIATOR) PostAuthHook Problem
>
>
> Hi,
>
> I'm having trouble with the PostAuthHook Realm/Handler parameter.
>
>
> My Hook basically looks like this (stripped down to the essentials):
>
> PostAuthHook sub {\
>   \
> my ($request, $reply, $auth_result) = @_; \
>   \
> &Radius::Log::log($main::LOG_NOTICE, "$request - $reply -
$auth_result");\
>   \
> $reply->add_attr('Service-Type', 'Framed-User');  \
>   \
> }
>
>
> The documentation says that the first and second arguments to the subroutine
> are references to the request and reply and the third argument is the
> result of the Auth phase.
>
>
> Therefore the add_attr() call should work, but it causes the following error:
>
> Mon Apr 19 21:25:08 1999: ERR: Error in PostAuthHook(): Can't call method
"add_attr" on unblessed reference at (eval 49) line 1.

You will have to reference it like this:

 $$reply->add_attr(.

Hope that helps.

Cheers.


-- 
Mike McCauley   [EMAIL PROTECTED]
Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985   Fax   +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, external, etc etc on Unix, Win95/8, NT, Rhapsody



Re: (RADIATOR) Radiator PostAuthHook

1999-06-16 Thread Anonymous

Hi Ian,


On Jun 17,  4:09pm, Ian Hughes wrote:
> Subject: (RADIATOR) Radiator PostAuthHook
>
>   Trying to use the PostAuthHook function to have Radiator generate some
> custom logs to give details of all attempted logins. Current PostAuthHook
> shown below;

Contrary to the documentation, you need to dereference $_[0] like this:
my $nas_ip = ${$_[0]}->get_attr('NAS-IP-Address');
and $_[2] like this:
if ${$_[2]} == $main::REJECT;

We apologise for the error in our docs.
Hope that helps.

Cheers.


>
> PostAuthHook sub {my $filename = "/usr/local/radius/logs/testlog"; \
>
>   my $time = time; \
>   my $ctime = localtime($time); \
>   my $nas_ip = $_[0]->get_attr('NAS-IP-Address'); \
>   my $phone = $_[0]->get_attr('Called-Station-Id'); \
>   my $user = $_[0]->get_attr('User-Name'); \
>   my $r = "NULL"; \
>   $nas_ip = "POP3 mail" \
>   if $nas_ip eq "196.14.80.129";\
>   $r = "DENY" \
>   if $_[2] == $main::REJECT; \
>   $r = "ACCEPT" \
>   if $_[2] == $main::ACCEPT;\
>   open(LOG, ">>$filename");\
>   print LOG "$ctime: UserName \"$user\": Dialed $phone
> - $nas_ip - $r\n";\
>   close(LOG); }
>
> No compilation errors are reported, however when a request is processed the
> log file reports the following error message;
>
> Thu Jun  3 10:30:56 1999: ERR: Error in PostAuthHook(): Can't call method
> "get_attr" on unblessed reference at (eval 189) line 1.
>
> Radiator version - 2.13.1
> Patched - patches-2.13.1.tar.gz - June 3 1999
> Any suggestions on how to overcome this would be greatly appreciated..
>
> Regards
>
> Ian Hughes
>
> +--+
>   Ian Hughes - Tech Support/System Admin.
>   Hunterlink Pty. Ltd. (Australia)
>   1st Floor, 805 Hunter Street
>   Dangar, NSW, 2309 Australia
>   Phone: +61 2 4969 0122  Fax: +61 2 4969 0133
>   E-Mail: [EMAIL PROTECTED]
> +--+
>   If things get any worse, I'll have to ask you to stop helping me.
> +--+
>
>
>
>-- End of excerpt from Ian Hughes



-- 
Mike McCauley   [EMAIL PROTECTED]
Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985   Fax   +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, 
NT, Rhapsody
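
The dereferencing point made in the replies above, and in the earlier answer about reading Framed-IP-Address from the reply packet, shown as an added example that is not code from the thread or from Radiator. MockPacket, call_hook, the constant values and the sample attribute values are constructed stand-ins; only the method names and the reference-passing convention come from the posts.

```perl
#!/usr/bin/perl
# Added example: mock objects only, not Radiator source code.
use strict;
use warnings;

# Constructed stand-in for a packet object. The method names get_attr,
# add_attr and delete_attr appear in the thread; these bodies are assumed.
package MockPacket;

sub new {
    my ($class, @pairs) = @_;
    my $self = bless { attrs => [] }, $class;
    while (my ($name, $value) = splice(@pairs, 0, 2)) {
        $self->add_attr($name, $value);
    }
    return $self;
}

sub add_attr {
    my ($self, $name, $value) = @_;
    push @{ $self->{attrs} }, [ $name, $value ];
    return;
}

sub get_attr {
    my ($self, $name) = @_;
    for my $attr (@{ $self->{attrs} }) {
        return $attr->[1] if $attr->[0] eq $name;
    }
    return;
}

sub delete_attr {
    my ($self, $name) = @_;
    @{ $self->{attrs} } = grep { $_->[0] ne $name } @{ $self->{attrs} };
    return;
}

sub dump_attrs {
    my ($self) = @_;
    return join(', ', map { "$_->[0] = $_->[1]" } @{ $self->{attrs} });
}

package main;

# Constructed values standing in for $main::ACCEPT and $main::REJECT.
our ($ACCEPT, $REJECT) = (0, 1);

# Mimics the calling convention described in the replies: each argument is a
# reference to the variable that holds the packet (or result), not the object.
sub call_hook {
    my ($hook, $request, $reply, $result) = @_;
    my $ok = eval { $hook->(\$request, \$reply, \$result); 1 };
    (my $err = $@) =~ s/\s+\z//;
    return $ok ? 'hook ran' : "ERR: Error in PostAuthHook(): $err";
}

# As first posted in the question: the arguments are used as if they were
# the objects themselves, so the method call lands on a plain reference.
my $as_posted = sub {
    my ($request, $reply, $auth_result) = @_;
    $reply->add_attr('Service-Type', 'Framed-User');
};

# Dereferenced form, as advised in the replies.
my %seen;    # collected only so the demo can print what the hook read
my $dereferenced = sub {
    my ($request, $reply, $result) = (${ $_[0] }, ${ $_[1] }, ${ $_[2] });
    $seen{user} = $request->get_attr('User-Name');
    $seen{ip}   = $reply->get_attr('Framed-IP-Address');    # lives in the reply
    if ($result == $main::REJECT) {
        # Remove the existing message first, then add the replacement.
        $reply->delete_attr('Reply-Message');
        $reply->add_attr('Reply-Message', 'Account suspended');    # constructed text
    }
    return;
};

# Constructed sample packets.
my $request = MockPacket->new('User-Name' => 'requiem');
my $accept  = MockPacket->new('Framed-IP-Address' => '10.1.0.16',
                              'Service-Type'      => 'Framed-User');
my $reject  = MockPacket->new('Reply-Message' => 'Request Denied');

print call_hook($as_posted, $request, $accept, $ACCEPT), "\n";
print call_hook($dereferenced, $request, $accept, $ACCEPT), "\n";
print "user=$seen{user} ip=$seen{ip}\n";
print call_hook($dereferenced, $request, $reject, $REJECT), "\n";
print 'reject reply: ', $reject->dump_attrs, "\n";
```

The first call reproduces the "Can't call method ... on unblessed reference" error quoted in the questions; the later calls succeed because every argument is dereferenced before use.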



(RADIATOR) PostAuthHook and DB connection

2003-09-26 Thread S H A N
hi,
i am trying to think of a method where i can avoid 

connect to db
do something...
disconnect from db

each time one of my hooks gets processed in a radius operation for each
postauth request. (so if it handles 100k packets it means that it does
100k connects to the db and 100k disconnects!)

ideally i want..

to connect to db... (at the point of startup of radius)

keep on doing something without disconnecting/connecting again
till the life of the radius session/process.

any suggestions?

S H A N


Re: (RADIATOR) PostAuthHook (Sockets creation)

2003-10-03 Thread Hugh Irvine
Hello Benny -

You could write a StartupHook to set up the socket and then simply use 
it in your PostAuthHook.

See the example hooks in "goodies/hooks.txt".

regards

Hugh

On Friday, Oct 3, 2003, at 18:08 Australia/Melbourne, Benny Chee wrote:

hi,

	I'm writing a sub-routine in PostAuthHook which will send a string to 
a server once the user is authenticated. I wrote a client socket program 
and it was running fine until I was getting 100 req/sec, and I got 
lots of re-transmissions.

	I found out that it's the sub-routine that's causing the problem as 
it is opening too many sockets and wasn't able to close them in time and my 
box just ran out of buffer.

	Any solution on this?

	Possible to create a AuthBy module that will create a client 
connection to the server and just send the data through PostAuthHook?

benny

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
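
The set-up-once pattern suggested above for sockets, applied to the database case raised in the preceding "PostAuthHook and DB connection" post, as an added example that is not code from the thread or from Radiator. Assumptions: the HookDB package, the MockRequest class, the table and sample rows are constructed, an in-memory SQLite database (DBD::SQLite) stands in for the real server, and the driver at the bottom stands in for Radiator calling the hooks.

```perl
#!/usr/bin/perl
# Added example: mock driver plus two hook bodies; not Radiator source code.
use strict;
use warnings;
use DBI;

# Shared state lives in a named package: separately compiled hook subs
# cannot see each other's "my" variables, but both can reach HookDB::.
package HookDB;
our ($dbh, $connects) = (undef, 0);

# Assumption: in-memory SQLite stands in for the production database.
my @dsn = ('dbi:SQLite:dbname=:memory:', '', '');

sub handle {
    return $dbh if $dbh && $dbh->ping;    # reuse the live connection
    $connects++;                          # first use, or the link dropped
    $dbh = DBI->connect(@dsn,
        { RaiseError => 1, PrintError => 0, AutoCommit => 1 });
    return $dbh;
}

# Constructed stand-in for a request packet; getUserName is the only method.
package MockRequest;
sub getUserName { return $_[0]{user} }

package main;

# StartupHook body: connect once. The table and rows are created here only
# because the demo database starts empty (constructed sample data).
my $startup_hook = sub {
    my $dbh = HookDB::handle();
    $dbh->do('CREATE TABLE ACCOUNTING
              (USERNAME TEXT, ACCTSESSIONTIME INTEGER, TIME_STAMP INTEGER)');
    my $ins = $dbh->prepare('INSERT INTO ACCOUNTING VALUES (?, ?, ?)');
    $ins->execute(@$_) for (
        [ 'alice', 3600, time - 86400 ],
        [ 'alice', 1800, time - 3600 ],
        [ 'bob',   7200, time - 7200 ],
    );
    return;
};

# PostAuthHook body: no connect or disconnect per request. The statement is
# prepared once per connection and the User-Name is bound as a parameter,
# so whatever the client sends is treated as data, never as SQL text.
my %used;    # collected only so the demo can print results
my $post_auth_hook = sub {
    my $p    = ${ $_[0] };
    my $user = $p->getUserName;
    my $dbh  = HookDB::handle();
    my $sth  = $dbh->prepare_cached(
        'SELECT COALESCE(SUM(ACCTSESSIONTIME), 0) FROM ACCOUNTING
          WHERE USERNAME = ? AND TIME_STAMP > ?');
    ($used{$user}) =
        $dbh->selectrow_array($sth, undef, $user, time - 30 * 86400);
    return;
};

# Mock driver: one startup call, then one hook call per request.
$startup_hook->();
for my $name ('alice', 'bob', "alice' OR '1'='1") {
    my $request = bless { user => $name }, 'MockRequest';
    my ($reply, $result) = (undef, 0);
    $post_auth_hook->(\$request, \$reply, \$result);
    print "$name: $used{$name} seconds in the last 30 days\n";
}
print "database connects: $HookDB::connects\n";
```

The third, constructed User-Name contains SQL metacharacters and matches no rows, and the connect counter stays at one across all three requests.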


RE: (RADIATOR) PostAuthHook Stopped Working

2001-09-04 Thread Separovic, Jason



> -Original Message-
> From: Separovic, Jason 
> Sent: Wednesday, September 05, 2001 2:21 PM
> To:   Separovic, Jason
> Subject:  RE: (RADIATOR) PostAuthHook Stopped Working
> 
> It's working now.
> I had the restartWrapper going and as I was making the changes to the
> config I sent a NOHUP to the radiusd process. 
> This did not work properly, so I killed all processes and then started the
> wrapper and the config worked fine.
> 
> -Original Message-
> From: Separovic, Jason [SMTP:[EMAIL PROTECTED]]
> Sent: Wednesday, September 05, 2001 11:18 AM
> To:   [EMAIL PROTECTED]
> Subject:  (RADIATOR) PostAuthHook Stopped Working
> 
> Hi,
> 
> I had radiator working with my PostAuthHook just how I wanted.
> Then I made some changes to the PostAuthHook. All I did (I think?) was
> create a new user in my database and then I updated the new
> username/password in the config files. Now My PostAuthHook does not work.
> And I'm at a loss to realise why??
> 
> Here is an Accounting Request that should be inserted into my database
> through the PostAuthHook.
> But now the Hook is not even being called. I'm pretty confident in saying
> that because I added a 'write to file' at the beginning of the hook to
> test
> it. But to no success.
> 
> I noticed some talk about a patch for the PostAuthHook but I'm not sure if
> I
> need it.
> Weird.
> It was working...
> Now it's not.
> 
> Help!
> 
> I'm using Radiator 2.17.1
> 
> I have another problem too. My auth log is logging successes but not
> failures.
> 
> ==
> ==
> 
> 
> Wed Sep  5 10:47:43 2001: DEBUG: Packet dump:
> *** Received from 192.168.0.9 port 1445 
> Code:   Accounting-Request
> Identifier: 60
> Authentic:  <180><189>mBY<157><156>X<152><14><7><180><150><1>@<174>
> Attributes:
> Acct-Status-Type = Accounting-On
> Acct-Session-Id = "0"
> Acct-Authentic = RADIUS
> Acct-Authentic = RADIUS
> User-Name = "ewong"
> Command-Code = "Command-Code (level: 10): system show ac"
> NAS-IP-Address = 192.168.0.9
> 
> Wed Sep  5 10:47:43 2001: DEBUG: Check if Handler Realm=SSR should be used
> to handle this requestWed Sep  5 10:47:43 2001: DEBUG: Handling request
> with
> Handler 'Realm=SSR'
> Wed Sep  5 10:47:43 2001: DEBUG:  Deleting all sessions for 192.168.0.9
> Wed Sep  5 10:47:43 2001: DEBUG:  got On/Off from 192.168.0.9
> Wed Sep  5 10:47:43 2001: DEBUG: Handling with Radius::AuthSQL
> Wed Sep  5 10:47:43 2001: DEBUG: Handling accounting with Radius::AuthSQL
> Wed Sep  5 10:47:43 2001: DEBUG: Accounting accepted
> Wed Sep  5 10:47:43 2001: DEBUG: Packet dump:
> *** Sending to 192.168.0.9 port 1445 
> Code:   Accounting-Response
> Identifier: 60
> Authentic:  <180><189>mBY<157><156>X<152><14><7><180><150><1>@<174>
> Attributes:
> 
> ==
> ==
> 
> 
> # radius configuration file
> 
> Foreground  yes
> LogStdout   no
> Trace   4
> LogDir  /opt/radiator/log
> DbDir   /usr/local/mysql/var/radiusdb
> DictionaryFile  /opt/radiator/dictionary
> AuthPort1812
> AcctPort1813
> BindAddress 192.168.0.10
> 
> 
> DBSourcedbi:mysql:radiusdb
> DBUsername  radiator
> DBAuth  password
> 
> GetClientQuery select ip,secret,NULL,NULL,realm from device,model
> where modelID=model.ID;
> 
> 
> 
> PreAuthHook file:"/opt/radiator/PreAuthHook"
> PostAuthHook file:"/opt/radiator/SSRAccounting"
> 
> DBSourcedbi:mysql:radiusdb
> DBUsername  radiator
> DBAuth  password
> 
> Table authorisation
> LogSuccess 1
> LogFailure 1
> SuccessQuery insert into
> authorisation(date,username,deviceIP,status) values('%Y-%m-%d
> %H:%M:%S','%U','%N',1)
> FailureQuery insert into
> authorisation(date,username,deviceIP,status) values('%Y-%m-%d
> %H:%M:%S','%U','%N',0)
> 
> 
> DBSourcedbi:mysql:radiusdb
> DBUsername  radiator
> DBAuth  password
> 
> RejectEmptyPassword
> 
> AuthSelect select password from user where username=

Re: (RADIATOR) PostAuthHook Stopped Working

2001-09-05 Thread Hugh Irvine


Hello Jason -

I note that the accounting request that you show below is an 
Accounting-On, probably due to "ewong" running some command on the 
NAS. I don't know whether your hook deals with this? Note that the 
easiest way to test hook code is by putting print commands in the 
code and running Radiator from the command line with -foreground 
-log_stdout and -trace 4 so you can see immediately on the console 
output what is going on. You should also make sure that the hook code 
is being compiled properly at startup by looking at the startup 
messages in the same manner.

hth

Hugh



At 11:18 +1000 01/9/5, Separovic, Jason wrote:
>Hi,
>
>I had radiator working with my PostAuthHook just how I wanted.
>Then I made some changes to the PostAuthHook. All I did (I think?) was
>create a new user in my database and then I updated the new
>username/password in the config files. Now My PostAuthHook does not work.
>And I'm at a loss to realise why??
>
>Here is an Accounting Request that should be inserted into my database
>through the PostAuthHook.
>But now the Hook is not even being called. I'm pretty confident in saying
>that because I added a 'write to file' at the beginning of the hook to test
>it. But to no success.
>
>I noticed some talk about a patch for the PostAuthHook but I'm not sure if I
>need it.
>Weird.
>It was working...
>Now it's not.
>
>Help!
>
>I'm using Radiator 2.17.1
>
>I have another problem too. My auth log is logging successes but not
>failures.
>
>
>
>
>Wed Sep  5 10:47:43 2001: DEBUG: Packet dump:
>*** Received from 192.168.0.9 port 1445 
>Code:   Accounting-Request
>Identifier: 60
>Authentic:  <180><189>mBY<157><156>X<152><14><7><180><150><1>@<174>
>Attributes:
> Acct-Status-Type = Accounting-On
> Acct-Session-Id = "0"
> Acct-Authentic = RADIUS
> Acct-Authentic = RADIUS
> User-Name = "ewong"
> Command-Code = "Command-Code (level: 10): system show ac"
> NAS-IP-Address = 192.168.0.9
>
>Wed Sep  5 10:47:43 2001: DEBUG: Check if Handler Realm=SSR should be used
>to handle this requestWed Sep  5 10:47:43 2001: DEBUG: Handling request with
>Handler 'Realm=SSR'
>Wed Sep  5 10:47:43 2001: DEBUG:  Deleting all sessions for 192.168.0.9
>Wed Sep  5 10:47:43 2001: DEBUG:  got On/Off from 192.168.0.9
>Wed Sep  5 10:47:43 2001: DEBUG: Handling with Radius::AuthSQL
>Wed Sep  5 10:47:43 2001: DEBUG: Handling accounting with Radius::AuthSQL
>Wed Sep  5 10:47:43 2001: DEBUG: Accounting accepted
>Wed Sep  5 10:47:43 2001: DEBUG: Packet dump:
>*** Sending to 192.168.0.9 port 1445 
>Code:   Accounting-Response
>Identifier: 60
>Authentic:  <180><189>mBY<157><156>X<152><14><7><180><150><1>@<174>
>Attributes:
>
>
>
>
># radius configuration file
>
>Foreground  yes
>LogStdout   no
>Trace   4
>LogDir  /opt/radiator/log
>DbDir   /usr/local/mysql/var/radiusdb
>DictionaryFile  /opt/radiator/dictionary
>AuthPort1812
>AcctPort1813
>BindAddress 192.168.0.10
>
>
> DBSourcedbi:mysql:radiusdb
> DBUsername  radiator
> DBAuth  password
>
> GetClientQuery select ip,secret,NULL,NULL,realm from device,model
>where modelID=model.ID;
>
>
>
> PreAuthHook file:"/opt/radiator/PreAuthHook"
> PostAuthHook file:"/opt/radiator/SSRAccounting"
> 
> DBSourcedbi:mysql:radiusdb
> DBUsername  radiator
> DBAuth  password
>
> Table authorisation
> LogSuccess 1
> LogFailure 1
> SuccessQuery insert into
>authorisation(date,username,deviceIP,status) values('%Y-%m-%d
>%H:%M:%S','%U','%N',1)
> FailureQuery insert into
>authorisation(date,username,deviceIP,status) values('%Y-%m-%d
>%H:%M:%S','%U','%N',0)
> 
> 
> DBSourcedbi:mysql:radiusdb
> DBUsername  radiator
> DBAuth  password
>
> RejectEmptyPassword
>
> AuthSelect select password from user where username='%U'
> AuthColumnDef 0, Password, check
> 
>
>
>
> PreAuthHook file:"/opt/radiator/PreAuthHook"
> 
> DBSourcedbi:mysql:radiusdb
> DBUsername  radiator
> DBAuth  password
>
> Table authorisation
> LogSuccess 1
> LogFailure 1
> SuccessQuery insert into
>authorisation(date,username,deviceIP,status) values('%Y-%m-%d
>%H:%M:%S','%U','%N',1)
> FailureQuery insert into
>authorisation(date,username,deviceIP,status) values('%Y-%m-%d
>%H:%M:%S','%U','%N',0)
> 
> 
> DBSourcedbi:mysql:radiusdb
> DBUsername  radiator
> DBAuth  password
>
> RejectEmptyPassword
>
> AuthSelect select password from user where username='%U'
> AuthColumnDe

Re: (RADIATOR) PostAuthHook Stopped Working

2001-09-05 Thread Robert Thomson

Hi Jason.

I've noticed that PostAuthHooks can be fairly temperamental.

You should add to the top of your postauthhook file:
use strict;
use warnings;

Don't forget to do
perl -c "file.pl"
to syntax check it.

One of the reasons I've noticed for silent failures on PostAuthHooks is
undeclared variables.  If you've added a new variable somewhere, or used
a temporary variable without a my declaration, that could be it.

use strict && use warnings are always a good idea.

Hope this helps.

Cheers,
Robert Thomson.

begin  Separovic, Jason quotation:
> I had radiator working with my PostAuthHook just how I wanted.
> Then I made some changes to the PostAuthHook. All I did (I think?) was
> create a new user in my database and then I updated the new
> username/password in the config files. Now My PostAuthHook does not work.
> And I'm at a loss to realise why??
> 
> Here is an Accounting Request that should be inserted into my database
> through the PostAuthHook.
> But now the Hook is not even being called. I'm pretty confident in saying
> that because I added a 'write to file' at the beginning of the hook to test
> it. But to no success.
> 
> I noticed some talk about a patch for the PostAuthHook but I'm not sure if I
> need it.
> Weird.
> It was working...
> Now it's not.
> 
> Help!
> 
> I'm using Radiator 2.17.1

-- 
Vundan lokon protektis, alian difektis.
-- L.L. Zamenhof, "Proverbaro Esperanta" (1905)



(RADIATOR) PostAuthHook and reply-items

2002-04-11 Thread Andrej Harsani

Hello,

Is it possible to access reply-items
from PostAuthHook? I need to return reply
value from AuthPLSQL of attribute cisco-h323-return-code
in case of reject. 

Thanks.
A.Harsani




(RADIATOR) postauthhook, Access-Reject problem.

2002-12-30 Thread Steve Wilson
The attached is our postauthhook file which we use to see if the user
has exceeded their quota of usage, this is calculated on a rolling 30
days. The problem we have is that when a user has used 150% or more we
are trying to send a reject, and due to safety in the script we return 1
second session timeout. The user receives an "Access-Accept" with the
reply message and attributes clearly showing that this user should not
have connected. Where are we going wrong with the changing of the return
code ?

-- 
Steve Wilson <[EMAIL PROTECTED]>

#!/usr/bin/perl 

#host isdn0.radius.legend.net.uk:3306
#user auth / 4uTH
#select from usergroup where UserName = '' and GroupName like 'service_%';

# start of main function
sub {
my $p = ${$_[0]};   # proxy reply packet
my $rp = ${$_[1]};  # reply packet to NAS
my $op = ${$_[2]};  # original request packet
#my $sp = ${$_[3]};  # packet sent to proxy 
   
  use DBI;

  my %dat;
 
  $dat{username}   = $p->getUserName;

  if ( not defined ( $dat{contention} ) ) {
$dat{contention} = "service_8to2";
  };

# variable names;
  my $dbh;
  my $sql_query;
  my $sth;
  my $rv;
  my $tmp;

# Config data
# define accounting database config 
  $dat{dbhost}  = 'localhost';
  $dat{db}  = 'isdn';
  $dat{dbuser}  = 'user';
  $dat{dbpass}  = 'pass';

# contention database config
  $dat{dbchost} = 'other.radius.server';
  $dat{dbc} = 'radius';
  $dat{dbcuser} = 'user';
  $dat{dbcpass} = 'pass';

# define constants
  $dat{time}= time; # current time
  $dat{tday}= ( 60*60*24 ); # seconds in 1 day
  $dat{tmon}= (30*$dat{tday}); # seconds in 30 days
  $dat{tlivem}  = $dat{time} - $dat{tmon}; # time 30 days ago
  $dat{tlived}  = $dat{time} - $dat{tday}; # time 1 days ago
  $dat{idlet}   = 600; # 10 minutes

if ($p->code eq 'Access-Request')
{

# connect to the contention database
  $dbh = DBI->connect("DBI:mysql:$dat{dbc}:$dat{dbchost}",$dat{dbcuser},$dat{dbcpass}) || die "Cannot connect to contention DB" ;
  $sql_query = "SELECT `GroupName` FROM `usergroup` WHERE `UserName` = '$dat{username}' AND `GroupName` LIKE 'service_%';";

&main::log($main::LOG_DEBUG, "ASQL[$sql_query]\n");
  
  $sth = $dbh->prepare($sql_query);
  $rv = $sth->execute;
  $tmp = $sth->fetchrow_hashref;
  print "[[[$tmp->{GroupName}]]]\n";
  $dat{contention} = $tmp->{GroupName};
  $sth->finish;
  $dbh->disconnect();

  $dat{contention}  =~ m/^service_(\d+)to(\d+)$/;
  $dat{denominator} = $1;
  $dat{numerator}   = $2;
  $dat{ulimit}  = ( $dat{tmon} / $dat{denominator} ) * $dat{numerator};
  $dat{ulimitd} = ( $dat{tday} / $dat{denominator} ) * $dat{numerator};

# connect to the accounting database
  $dbh = DBI->connect("DBI:mysql:$dat{db}:$dat{dbhost}",$dat{dbuser},$dat{dbpass}) || die "Cannot connect to accounting DB" ;

# find the amount of time the user has used this month
# (both values are bound as placeholders, not interpolated into the SQL text)
  $sql_query = "SELECT `ACCTSESSIONTIME`,`TIME_STAMP` FROM `ACCOUNTING` WHERE `USERNAME`=? AND `TIME_STAMP`>?;";
  $dat{usedm} = 0;
  $dat{usedd} = 0;
  $sth = $dbh->prepare($sql_query);
  $rv = $sth->execute($dat{username}, $dat{tlivem});
  while ( $tmp = $sth->fetchrow_hashref ) {
    if ( defined ( $tmp->{ACCTSESSIONTIME} ) ) {
      $dat{usedm} += $tmp->{ACCTSESSIONTIME};
      if ( $tmp->{TIME_STAMP} > $dat{tlived} ) {
        $dat{usedd} += $tmp->{ACCTSESSIONTIME};
      };
    };
  };
  $sth->finish;
  $dbh->disconnect();
# found it's in the $dat{usedm} variable and $dat{usedd} variables


print " $dat{ulimit} "; 
  $dat{percentm} = ( $dat{usedm} / $dat{ulimit} ) * 100;
  $dat{percentd} = ( $dat{usedd} / $dat{ulimitd} ) * 100;

&main::log($main::LOG_DEBUG, "$dat{time} $dat{tlivem} Username: $dat{username} -  at $dat{contention} has $dat{ulimit} seconds per month and has used $dat{usedm} so has used $dat{percentm}\% this month. and $dat{percentd}\% today - $dat{usedd} / $dat{ulimitd} - $dat{tlived}\n");

#
# users daily limit = their contention in a 24 hour period
#
# idle timeout = 10 mins
#
# so now we decide what to do about it.
#

#$dat{percentm} = 199;
 
  my %ret;
  if  ( $dat{percentm} >= 150 ) {
    $ret{RETURNCODE}   = 'Access-Reject';
    $ret{IDLETIMEOUT}  = 1;
    $ret{KICKTIMEOUT}  = 1;
  } elsif ( $dat{percentm} < 105 ) {
    $ret{RETURNCODE}   = 'Access-Accept';
    $ret{IDLETIMEOUT}  = $dat{idlet};
    $ret{KICKTIMEOUT}  = $dat{ulimitd};
  } else {
    $ret{RETURNCODE}   = 'Access-Accept';
    $ret{IDLETIMEOUT}  = $dat{idlet} * ( ( 200 - $dat{percentm} ) / 200 );
    $ret{KICKTIMEOUT}  = $dat{ulimitd} * ( ( 200 - $dat{percentm} ) / 200 );
  }

  $ret{IDLETIMEOUT} =~ s/\.\d*$//;
  $ret{KICKTIMEOUT} =~ s/\.\d*$//;
  &main::log($main::LOG_DEBUG, "RC[$ret{RETURNCODE}] IT[$ret{IDLETIMEOUT}] KT[$ret{KICKTIMEOUT}] PM[$dat{percentm}] UM[$dat{usedm}]\n");
  my ($it,$st,$it2,$st2);
  $it=$rp->get_attr('Idle-Timeout');
  $st=$rp->get_attr('Session-Timeout');

  $rp->change_attr('Idle-Timeout', $ret{IDLETIMEOUT} );
  $rp->change_attr('Session-Timeout', $ret{KICKTIMEOUT} );

 

(RADIATOR) PostAuthHook and check-items

1999-12-20 Thread Erik Meitner

  Is it possible in PostAuthHook in a Realm clause to look at the contents
of the check-items that are used in an AuthBy FILE clause?
Here is what I'm trying to do:
   I have some Ascend MAX's that do not support any radius attribute to hang
up a user at a specified time.  If a user has a restricted login window of
6am-6pm(Time=Al06001800), I would like to force a logoff at 6pm.  In order
to enforce this, I need to set the Ascend-Maximum-Call-Duration. To do this,
I need a hook to compute that value based on the Time check-item and the
time of login and set this in the reply packet.

Thanks,

Erik

  Erik Meitner - Network Technician, MCSE, MCP+i
 
  Valley Business Equipment and Internet
  http://www.vbe.com
  3200 North Main Street
  Oshkosh, Wisconsin 54901
 
  Phone: 920.236.6500 x125
  Fax:   920.236.6501
  mailto:[EMAIL PROTECTED]
  http://erik.vbe.com
 Please visit http://www.thehungersite.com/
 


===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.



(RADIATOR) PostAuthHook and external files

1999-12-28 Thread Antonio Navarro Navarro

Hello !

I want to add some kind of on-line control to the PostAuthHook. A file will be 
maintained on the hard disk with the users connected. When a Start packet is received 
a line is added to the file on the disk with the username, logon time, IP address, 
etc. When a Stop packet is received the file will be modified, removing the user. 

How are concurrent requests managed by Radiator? I don't want the file to be 
opened at the same time by two PostAuthHooks because two connection requests have arrived 
at the same time. Must I include some kind of simultaneous-use control of this file?

Regards,

Antonio Navarro Navarro
BemarNet Management
[EMAIL PROTECTED]
http://www.bemarnet.es
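
One way to serialize access to such a file, as an added example that is not part of the original post: every update holds an exclusive flock for the whole read-modify-write, so a second process making the same call waits instead of interleaving. The function name, the tab-separated record layout and the sample events are assumptions made for the example.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Fcntl qw(:DEFAULT :flock);
use File::Temp qw(tempfile);

# Apply one accounting event to the online-users file. Start adds (or
# refreshes) the user's record, Stop removes it, anything else is ignored.
# Returns the number of users recorded afterwards, or nothing when ignored.
sub update_online_file {
    my ($path, $status, $user, $ip, $when) = @_;
    return unless $status eq 'Start' || $status eq 'Stop';

    # User-Name and the address arrive from the network: replace tabs,
    # newlines and other control characters so one value cannot forge
    # additional records or fields in the file.
    for ($user, $ip) { $_ = '' unless defined; s/[\x00-\x1f\x7f]/?/g; }

    # O_CREAT without O_TRUNC: create the file if missing, never clobber it
    # before the lock is held.
    sysopen(my $fh, $path, O_RDWR | O_CREAT, 0600) or die "open $path: $!";
    flock($fh, LOCK_EX) or die "flock $path: $!";

    # Keep every record except this user's, then re-add the user on Start.
    my @lines = grep { (split /\t/, $_, 2)[0] ne $user } <$fh>;
    push @lines, join("\t", $user, $when, $ip) . "\n" if $status eq 'Start';

    seek($fh, 0, 0)  or die "seek $path: $!";
    truncate($fh, 0) or die "truncate $path: $!";
    print {$fh} @lines;
    close($fh) or die "close $path: $!";    # flushes, then releases the lock
    return scalar @lines;
}

# Demo on a temporary file with constructed events (documentation addresses).
# The second user name carries an embedded newline and tabs on purpose.
my (undef, $path) = tempfile(UNLINK => 1);
update_online_file($path, 'Start', 'alice', '192.0.2.10', time);
update_online_file($path, 'Start', "bob\nmallory\t0\t192.0.2.99", '192.0.2.11', time);
update_online_file($path, 'Alive', 'alice', '192.0.2.10', time);
update_online_file($path, 'Stop',  'alice', '192.0.2.10', time);

open(my $in, '<', $path) or die "open $path: $!";
print while <$in>;
close($in);
```

The lock is advisory, so it only protects the file against other code that takes the same lock before reading or writing it.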




(RADIATOR) PostAuthHook and Vendor Attributes

2000-05-01 Thread Mike McCauley


--- Forwarded mail from [EMAIL PROTECTED]

Date: Mon, 1 May 2000 14:55:41 -0400 (EDT)
From: Michael Dustin <[EMAIL PROTECTED]>
To: [EMAIL PROTECTED]
Subject: PostAuthHook and Vendor Attributes

Hello,

I am working on a PostAuthHook that will give us more compact
logging but I have run into a problem.  I can get standard
attributes pretty easily by using the examples I have seen
in the Docs and the list.  However when I try to get Vendor
Specific Attributes I come up empty handed.  Can anyone give
me example code where they are pulling vendor specific
attributes using a hook ?? I have attached some code from my
hook.

my $p = ${$_[0]};
#These come through fine
my $username = $p->getAttrByNum($Radius::Radius::USER_NAME);
my $nasaddress = $p->getAttrByNum($Radius::Radius::NAS_IP_ADDRESS);
my $ipaddress = $p->getAttrByNum($Radius::Radius::FRAMED_IP_ADDRESS);
my $called = $p->getAttrByNum($Radius::Radius::CALLING_STATION_ID);
my $calling = $p->getAttrByNum($Radius::Radius::CALLED_STATION_ID);
my $nasport = $p->getAttrByNum($Radius::Radius::NAS_PORT);

#These "specific to Ascend Attributes" do not seem to be available
#using this code even though they do show up in the main logfile
#
my $shelfno = $r->getAttrByNum($Radius::Radius::ASCEND_MODEM_SHELFNO) ;
my $slotno = $r->getAttrByNum($Radius::Radius::ASCEND_MODEM_SLOTNO) ;
my $portno = $r->getAttrByNum($Radius::Radius::Ascend_Modem_PortNo) ;


-thanx
-dusty





---End of forwarded mail from [EMAIL PROTECTED]

-- 
Mike McCauley   [EMAIL PROTECTED]
Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985   Fax   +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, 
2000, NT, MacOS X
===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.



RE: (RADIATOR) PostAuthHook and DB connection

2003-09-26 Thread Frank Danielson
You can use an existing database handle from an AuthBy SQL or SessSQL in
your hook. This not only reduces the overhead of disconnecting and
reconnecting to the db each time but also lets you leverage the work that
Radiator does behind the scenes to manage the db connection.   Here is an
excerpt from a post by Hugh to the mailing list that explains the details.
The original message can be found here ->
http://www.open.com.au/archives/radiator/2000-06/msg00023.html

I use this technique in several hooks and it works just dandy.


.
# configuration to allow a PostAuthHook to access a database
# either define a new AuthBy SQL if different to an existing AuthBy SQL
# or add an Identifier tag to your existing AuthBy SQL

<AuthBy SQL>
Identifier yourSQL
DBSource 
DBUsername 
DBAuth 
</AuthBy>


Then in your hook use the find function in AuthGeneric to retrieve the
reference to that AuthBy SQL. Once you have the reference, you can use all
the standard routines in AuthSQL.pm and SqlDb.pm, including
prepareAndExecute, etc.

# hook to use an SQL database

sub
{
my $p = ${$_[0]};
my $rp = ${$_[1]};
my $result = ${$_[2]};

my $authby_handle = Radius::AuthGeneric::find('yourSQL');
my $query = "select ..";
my $sth = $authby_handle->prepareAndExecute($query);
.
}

This way you avoid most of the housekeeping, as it is already taken care of
by the routines in SqlDb.pm. As a relatively simple example of some SQL code
that uses these routines, have a look at Radius/SessSQL.pm.



Frank Danielson
[Infrastructure Architect]

voice:407.515.8633
fax:407.515.9001

ClearSky Mobile Media, Inc.
56 E. Pine St. Suite 200
Orlando, FL 32801
USA
 
-Original Message-
From: S H A N [mailto:[EMAIL PROTECTED]
Sent: Friday, September 26, 2003 6:45 AM
To: [EMAIL PROTECTED]
Subject: (RADIATOR) PostAuthHook and DB connection


hi,
i am trying to think of a method where i can avoid 

connect to db
do something...
disconnect from db

each time one of my hook gets processing in a radius operation for
each
postauth request. (so if it handles 100k packets it means that i
does
100k times connect to db and 100k times of disconnect!)

ideally i want..

to connect to db... (at the point of startup of radius)

keep on doing something without disconnecting/connecting
again
till the life of the radius session/process.

any suggestions?

S H A N
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.


Re: (RADIATOR) PostAuthHook and reply-items

2002-04-11 Thread Hugh Irvine


Hello Andrej -

Yes this is very easy to do.

Have a look at the example hooks in the file "goodies/hooks.txt".

regards

Hugh

On Thu, 11 Apr 2002 22:20, Andrej Harsani wrote:
> Hello,
>
> Is it possible to access reply-items
> from PostAuthHook? I need to return reply
> value from AuthPLSQL of attribute cisco-h323-return-code
> in case of reject.
>
> Thanks.
> A.Harsani

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.



Re: (RADIATOR) postauthhook, Access-Reject problem.

2002-12-30 Thread Hugh Irvine

Hello Steve -

I suspect the problem is due to an internal change in the replyTo() 
call.

It should look like this (in recent versions of Radiator):

 # Reply to the Client that sent the request.
$p->{Client}->replyTo($p);
return;

BTW - for clarity, I would suggest using the correct PostAuthHook 
parameter passing, as it is quite confusing using a proxy ReplyHook as 
a template. You will find some example hooks in the file 
"goodies/hooks.txt" in the distribution.

regards

Hugh


On Tuesday, Dec 31, 2002, at 10:34 Australia/Melbourne, Steve Wilson 
wrote:

> The attached is our postauthhook file which we use to see if the user
> has exceeded their quota of usage, this is calculated on a rolling 30
> days. The problem we have is that when a user has used 150% or more we
> are trying to send a reject, and due to safety in the script we return
> 1 second session timeout. The user receives an "Access-Accept" with the
> reply message and attributes clearly showing that this user should not
> have connected. Where are we going wrong with the changing of the
> return code ?
>
> --
> Steve Wilson <[EMAIL PROTECTED]>


--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.




Re: (RADIATOR) postauthhook, Access-Reject problem.

2002-12-30 Thread Steve Wilson
Maybe I should have explained the server setup more ...

The server is acting as a proxy, but it holds the accounting locally in
MySQL and authenticates from an icradius server until I have time to
merge 5 separate servers into 2 failover with 1 management solution.

Steve.

On Tue, 2002-12-31 at 00:10, Hugh Irvine wrote:
> Hello Steve -
> 
> I suspect the problem is due to an internal change in the replyTo() 
> call.
> 
> It should look like this (in recent versions of Radiator):
> 
>   # Reply to the Client that sent the request.
>  $p->{Client}->replyTo($p);
>  return;
> 
> BTW - for clarity, I would suggest using the correct PostAuthHook 
> parameter passing, as it is quite confusing using a proxy ReplyHook as 
> a template. You will find some example hooks in the file 
> "goodies/hooks.txt" in the distribution.
> 
> regards
> 
> Hugh
> 
> 
> On Tuesday, Dec 31, 2002, at 10:34 Australia/Melbourne, Steve Wilson 
> wrote:
> 
> > The attached is our postauthhook file which we use to see if the user
> > has exceeded their quota of usage, this is calculated on a rolling 30
> > days. The problem we have is that when a user has used 150% or more we
> > are trying to send a reject, and due to safety in the script we return 
> > 1
> > second session timeout. The user receives an "Access-Accept" with the
> > reply message and attributes clearly showing that this user should not
> > have connected. Where are we going wrong with the changing of the 
> > return
> > code ?
> >
> > -- 
> > Steve Wilson <[EMAIL PROTECTED]>
> > 




Re: (RADIATOR) postauthhook, Access-Reject problem.

2002-12-30 Thread Hugh Irvine

Hello Steve -

Ah right.

In that case, just to make my life easier perhaps your subject line 
could refer to a "ReplyHook"?

;-)

cheers

Hugh


On Tuesday, Dec 31, 2002, at 12:02 Australia/Melbourne, Steve Wilson 
wrote:

> Maybe I should have explained the server setup more ...
>
> The server is acting as a proxy, but it holds the accounting locally in
> MySQL and authenticates from an icradius server until I have time to
> merge 5 separate servers into 2 failover with 1 management solution.
>
> Steve.
>
> On Tue, 2002-12-31 at 00:10, Hugh Irvine wrote:
>
> > Hello Steve -
> >
> > I suspect the problem is due to an internal change in the replyTo()
> > call.
> >
> > It should look like this (in recent versions of Radiator):
> >
> >   # Reply to the Client that sent the request.
> >  $p->{Client}->replyTo($p);
> >  return;
> >
> > BTW - for clarity, I would suggest using the correct PostAuthHook
> > parameter passing, as it is quite confusing using a proxy ReplyHook as
> > a template. You will find some example hooks in the file
> > "goodies/hooks.txt" in the distribution.
> >
> > regards
> >
> > Hugh
> >
> >
> > On Tuesday, Dec 31, 2002, at 10:34 Australia/Melbourne, Steve Wilson
> > wrote:
> >
> > > The attached is our postauthhook file which we use to see if the user
> > > has exceeded their quota of usage, this is calculated on a rolling 30
> > > days. The problem we have is that when a user has used 150% or more we
> > > are trying to send a reject, and due to safety in the script we return
> > > 1 second session timeout. The user receives an "Access-Accept" with the
> > > reply message and attributes clearly showing that this user should not
> > > have connected. Where are we going wrong with the changing of the
> > > return code ?
> > >
> > > --
> > > Steve Wilson <[EMAIL PROTECTED]>





--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.




(RADIATOR) PostAuthHook in an external file

1999-11-30 Thread Antonio Navarro Navarro

Hi Hugh !

I'm working on a PostAuthHook on my system, and I was wondering if it is possible to 
specify an external file instead of writing all the PostAuthHook code in the 
configuration file.

Regards,

Antonio Navarro Navarro
BemarNet Management
[EMAIL PROTECTED]
http://www.bemarnet.es




Re: (RADIATOR) PostAuthHook and check-items

1999-12-22 Thread Hugh Irvine


Hello Erik -

On Tue, 21 Dec 1999, Erik Meitner wrote:
> Is it possible in PostAuthHook in a Realm clause to look at the contents
> of the check-items that are used in an AuthBy FILE clause?
> Here is what I'm trying to do:
> I have some Ascend MAX's that do not support any radius attribute to hang
> up a user at a specified time.  If a user has a restricted login window of
> 6am-6pm(Time=Al06001800), I would like to force a logoff at 6pm.  In order
> to enforce this, I need to set the Ascend-Maximum-Call-Duration. To do this,
> I need a hook to compute that value based on the Time check-item and the
> time of login and set this in the reply packet.
> 

It would be much simpler to use the Session-Timeout = "until 1800" reply item.

This is available in a patch to Radiator 2.14.1:

28/9/99 New version of AuthGeneric supports a new format for Session-Timeout 
reply items:.
If you have for example:
Session-Timeout="until 1800"
Then the Session-Timeout in the reply will be calculated as the number
of seconds up until the time of day specified
Download a new AuthGeneric.pm from here.

Then in your PostAuthHook simply duplicate the Session-Timeout as
Ascend-Maximum-Time-Duration. (Although I am surprised that Session-Timeout
does not work).

hth

Hugh


-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody




Re: (RADIATOR) PostAuthHook and check-items

1999-12-28 Thread Antonio Navarro Navarro

At 13.06 23/12/99 +1100, [EMAIL PROTECTED] wrote:

>On Tue, 21 Dec 1999, Erik Meitner wrote:
>
>> Is it possible in PostAuthHook in a Realm clause to look at the contents
>> of the check-items that are used in an AuthBy FILE clause?
>
>It would be much simpler to use the Session-Timeout = "until 1800" reply item.
>This is available in a patch to Radiator 2.14.1:

Hi all !

I'm working on a PostAuthHook for assigning IP addresses to the users from a limited 
pool. I'm trying with a PostAuthHook in an external file, but I'm unable to access the 
different parameters sent in the request and reply packets. 

I use the RADONLINE database in MySQL for tracking the users connected. The 
PostAuthHook will assign the first IP address not used from the pool to the user 
(pseudo-code follows):

  if (authentication_is_ok()) {
if (resultpacket_doesn't_contain_a_fixed_IP_Address) {
  iplist=obtain_list_of_current_IP_Addresses();
  for( ip=begin_of_pool; iphttp://www.bemarnet.es




Re: (RADIATOR) PostAuthHook and Vendor Attributes

2000-05-01 Thread Hugh Irvine


Hello Dusty -

> 
> I am working on a PostAuthHook that will give us more compact
> logging but I have run into a problem.  I can get standard
> attributes pretty easily by using the examples I have seen
> in the Docs and the list.  However when I try to get Vendor
> Specific Attributes I come up empty handed.  Can anyone give
> me example code where they are pulling vendor specific
> attributes using a hook ?? I have attached some code from my
> hook.
> 
> my $p = ${$_[0]};
> #These come through fine
> my $username = $p->getAttrByNum($Radius::Radius::USER_NAME);
> my $nasaddress = $p->getAttrByNum($Radius::Radius::NAS_IP_ADDRESS);
> my $ipaddress = $p->getAttrByNum($Radius::Radius::FRAMED_IP_ADDRESS);
> my $called = $p->getAttrByNum($Radius::Radius::CALLING_STATION_ID);
> my $calling = $p->getAttrByNum($Radius::Radius::CALLED_STATION_ID);
> my $nasport = $p->getAttrByNum($Radius::Radius::NAS_PORT);
> 

Yes - these attributes are defined in the file "Radius/Radius.pm", so you can
happily do what you've shown above.

> #These "specific to Ascend Attributes" do not seem to be available
> #using this code even though they do show up in the main logfile
> #
> my $shelfno = $r->getAttrByNum($Radius::Radius::ASCEND_MODEM_SHELFNO) ;
> my $slotno = $r->getAttrByNum($Radius::Radius::ASCEND_MODEM_SLOTNO) ;
> my $portno = $r->getAttrByNum($Radius::Radius::Ascend_Modem_PortNo) ;
> 

However, these attributes are defined in the dictionary file, not
"Radius/Radius.pm", so you will need to use get_attr, for example.

I notice from the above that you are using $p in the first series and $r in the
second series. Are these in fact the same packet? Note that the PostAuthHook
has access to both the request packet and the reply packet.

You may also be interested in having a look at a few example hooks that are in
the patches area:

http://www.open.com.au/radiator/downloads/patches-2.15/hooks.txt

hth

Hugh

-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.






Re: (RADIATOR) PostAuthHook and Vendor Attributes

2000-05-02 Thread Mike McCauley


--- Forwarded mail from [EMAIL PROTECTED]

Date: Tue, 2 May 2000 09:20:09 -0400 (EDT)
From: Michael Dustin <[EMAIL PROTECTED]>
To: Hugh Irvine <[EMAIL PROTECTED]>
cc: [EMAIL PROTECTED]
Subject: Re: (RADIATOR) PostAuthHook and Vendor Attributes

Hugh,

Thanks, from your comments I was able to figure out the code I needed
to access the attributes.  The code below works for getting Attributes
with a PostAuthHook that are Vendor specific.

$shelfno = $p->get_attr('Ascend-Modem-ShelfNo') ;

  if ($shelfno) {
   $Ascend = "yes" ;
   $slotno = $p->get_attr('Ascend-Modem-SlotNo') ;
   $portno = $p->get_attr('Ascend-Modem-PortNo') ;
   $port=$shelfno.$slotno.$portno ;
  }
  else {
   $Annex = "yes" ;
  }


-thanx
-dusty
On Tue, 2 May 2000, Hugh Irvine wrote:

>
> Hello Dusty -
>
> >
> > I am working on a PostAuthHook that will give us more compact
> > logging but I have run into a problem.  I can get standard
> > attributes pretty easily by using the examples I have seen
> > in the Docs and the list.  However when I try to get Vendor
> > Specific Attributes I come up empty handed.  Can anyone give
> > me example code where they are pulling vendor specific
> > attributes using a hook ?? I have attached some code from my
> > hook.
> >
> > my $p = ${$_[0]};
> > #These come through fine
> > my $username = $p->getAttrByNum($Radius::Radius::USER_NAME);
> > my $nasaddress = $p->getAttrByNum($Radius::Radius::NAS_IP_ADDRESS);
> > my $ipaddress = $p->getAttrByNum($Radius::Radius::FRAMED_IP_ADDRESS);
> > my $called = $p->getAttrByNum($Radius::Radius::CALLING_STATION_ID);
> > my $calling = $p->getAttrByNum($Radius::Radius::CALLED_STATION_ID);
> > my $nasport = $p->getAttrByNum($Radius::Radius::NAS_PORT);
> >
>
> Yes - these attributes are defined in the file "Radius/Radius.pm", so you can
> happily do what you've shown above.
>
> > #These "specific to Ascend Attributes" do not seem to be available
> > #using this code even though they do show up in the main logfile
> > #
> > my $shelfno = $r->getAttrByNum($Radius::Radius::ASCEND_MODEM_SHELFNO) ;
> > my $slotno = $r->getAttrByNum($Radius::Radius::ASCEND_MODEM_SLOTNO) ;
> > my $portno = $r->getAttrByNum($Radius::Radius::Ascend_Modem_PortNo) ;
> >
>
> However, these attributes are defined in the dictionary file, not
> "Radius/Radius.pm", so you will need to use get_attr, for example.
>
> I notice from the above that you are using $p in the first series and $r in
> the second series. Are these in fact the same packet? Note that the PostAuthHook
> has access to both the request packet and the reply packet.
>
> You may also be interested in having a look at a few example hooks that are
> in the patches area:
>
> http://www.open.com.au/radiator/downloads/patches-2.15/hooks.txt
>
> hth
>
> Hugh
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
> Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
>
>
>




---End of forwarded mail from [EMAIL PROTECTED]

-- 
Mike McCauley   [EMAIL PROTECTED]
Open System Consultants Pty. LtdUnix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985   Fax   +61 3 95

(RADIATOR) PostAuthHook source file and little problem

1999-12-28 Thread Antonio Navarro Navarro

Hi all !

Here is the source code of the PostAuthHook file that I'm using. As you can see, the 
Hook only saves basic information about the packets received to a file on the hard disk 
and assigns a fixed IP address to a specific user.

The problem is that the assignment doesn't work. The code for this follows:

  if ($user eq 'bemar@bemarnet') {
    $q->add_attr('Framed-IP-Address', '212.87.203.1');
  }

Where am I wrong ?

Here is the full code for the Hook.

sub {

  my $p=${$_[0]}; # Reference to the current request
  my $q=${$_[1]}; # Reply packet being constructed
  my $r=${$_[2]}; # Result of the authentication

  my $user=$p->getAttrByNum($Radius::Radius::USER_NAME);
  my $frip=$p->getAttrByNum($Radius::Radius::FRAMED_IP_ADDRESS);
  my $stat=$p->getAttrByNum($Radius::Radius::ACCT_STATUS_TYPE);

  open(trace, '>>/trace.txt');
  if ($stat eq 'Start') {
 print trace "Start: $user - $stat - $frip\n";
 if ($user eq 'bemar@bemarnet') {
  $q->add_attr('Framed-IP-Address', '212.87.203.1');
 }
  } elsif ($stat eq 'Stop') {
 print trace "Stop: $user - $stat - $frip\n";
  } elsif ($stat eq 'Alive') {
 print trace "Alive: $user - $stat - $frip\n";
  } else {
 print trace "Error: $user - $stat - $frip\n";
  }
  close(trace);

}

Antonio Navarro Navarro
BemarNet Management
[EMAIL PROTECTED]
http://www.bemarnet.es




(RADIATOR) PostAuthHook assigning IP Address.. Please Help !!

1999-12-30 Thread Antonio Navarro Navarro

Hi all !

I am writing a PostAuthHook program in perl in order to assign IP addresses from a 
pool to the users. I can get all the information about the request packet, but the 
reply packet is always empty and I am unable to assign a fixed IP Address to the 
connected user.

  if ($user eq 'bemar@bemarnet') {
    $q->add_attr('Framed-IP-Address', '212.87.203.1');
  }

Where am I wrong ?

Here is the full code for the Hook.

sub {

  my $p=${$_[0]}; # Reference to the current request
  my $q=${$_[1]}; # Reply packet being constructed
  my $r=${$_[2]}; # Result of the authentication

  my $user=$p->getAttrByNum($Radius::Radius::USER_NAME);
  my $frip=$p->getAttrByNum($Radius::Radius::FRAMED_IP_ADDRESS);
  my $stat=$p->getAttrByNum($Radius::Radius::ACCT_STATUS_TYPE);

  open(trace, '>>/trace.txt');
  if ($stat eq 'Start') {
 print trace "Start: $user - $stat - $frip\n";
 if ($user eq 'bemar@bemarnet') {
  $q->add_attr('Framed-IP-Address', '212.87.203.1');
 }
  } elsif ($stat eq 'Stop') {
 print trace "Stop: $user - $stat - $frip\n";
  } elsif ($stat eq 'Alive') {
 print trace "Alive: $user - $stat - $frip\n";
  } else {
 print trace "Error: $user - $stat - $frip\n";
  }
  close(trace);

}


Antonio Navarro Navarro
BemarNet Management
[EMAIL PROTECTED]
http://www.bemarnet.es




(RADIATOR) PostAuthHook is processing my accounting records

2001-03-29 Thread Brett Murphy

Hi All,

How do I stop my PostAuthHook subroutine from processing any Start or Stop 
records?



All the best,
Brett Murphy
Director, Alphalink (Australia) PTY LTD
ph: +61 3 9495-9000 fax: +61 3 9486-6822
email: [EMAIL PROTECTED]

The contents of this message may not be quoted,
copied, reproduced or published in part or in whole,
without the written authorization of Brett Murphy,
Director, Alphalink (Australia) Pty Ltd.






Re: (RADIATOR) PostAuthHook assigning IP Address.. Please Help !!

1999-12-30 Thread Hugh Irvine


Hello Antonio -

On Thu, 30 Dec 1999, Antonio Navarro Navarro wrote:
> Hi all !
> 
> I am writing a PostAuthHook program in perl in order to assign IP addresses
> from a pool to the users. I can get all the information about the request
> packet, but the reply packet is always empty and I am unable to assign a fixed
> IP Address to the connected user.
>  
>   if ($user eq 'bemar@bemarnet') {
> $q->add_attr('Framed-IP-Address', '212.87.203.1');
>   }
> 
> Where am I wrong ?
> 
> Here is the full code for the Hook.
> 
> sub {
> 
>   my $p=${$_[0]}; # Reference to the current request
>   my $q=${$_[1]}; # Reply packet being constructed
>   my $r=${$_[2]}; # Result of the authentication
> 
>   my $user=$p->getAttrByNum($Radius::Radius::USER_NAME);
>   my $frip=$p->getAttrByNum($Radius::Radius::FRAMED_IP_ADDRESS);
>   my $stat=$p->getAttrByNum($Radius::Radius::ACCT_STATUS_TYPE);
> 
>   open(trace, '>>/trace.txt');
>   if ($stat eq 'Start') {
>  print trace "Start: $user - $stat - $frip\n";
>  if ($user eq 'bemar@bemarnet') {
>   $q->add_attr('Framed-IP-Address', '212.87.203.1');
>  }
>   } elsif ($stat eq 'Stop') {
>  print trace "Stop: $user - $stat - $frip\n";
>   } elsif ($stat eq 'Alive') {
>  print trace "Alive: $user - $stat - $frip\n";
>   } else {
>  print trace "Error: $user - $stat - $frip\n";
>   }
>   close(trace);
> 
> }
> 

Hmmm - your code above will only look at accounting packets (Start, Stop, etc.)
which are only sent *after* the connection has been set up. I suspect what you
want to do is process the Access-Request packets to return an IP address in the
Access-Accept.

hth

Hugh


-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8,
NT, Rhapsody




Re: (RADIATOR) PostAuthHook assigning IP Address.. Please Help !!

1999-12-30 Thread Antonio Navarro Navarro

At 20.05 30/12/99 +1100, Hugh Irvine wrote:

>Hmmm - your code above will only look at accounting packets (Start, 
>Stop, etc.) which are only sent *after* the connection has been set up. 
>I suspect what you want to do is process the Access-Request packets 
>to return an IP address in the Access-Accept.

Ok. I have modified the configuration file in order to execute the code in PreAuthHook 
instead of PostAuthHook and now it works fine, but I think it is not the approach that 
I'm looking for. 

The problem is that if I assign an IP address to the user in the PreAuthHook (using a 
control file with the status of the IP addresses of the pool) and the user is not 
accepted by the Auth procedure of radiator, the user will be rejected but the IP 
address will remain in the control file.

How can I modify the packet sent in reply to the Access-Request only if the user login 
will be accepted?

Regards,

Antonio Navarro Navarro
BemarNet Management
[EMAIL PROTECTED]
http://www.bemarnet.es




Re: (RADIATOR) PostAuthHook assigning IP Address.. Please Help!!

1999-12-30 Thread Félix Izquierdo


Hello Antonio,

Antonio Navarro Navarro wrote:
> 
> The problem is that if I assign an IP address to the user in the PreAuthHook (using 
>a control file with the status of the IP addresses of the pool) and the user is not 
>accepted by the Auth procedure of radiator, the user will be rejected but the IP 
>address will remain in the control file.
> 

Not if the NAS sends "STOP-without-previous-START" records for
authentication/authorization errors. Your code can free the IP address when this
"STOP-without-previous-START" record arrives. There are many NAS with this
behaviour.

For Cisco users: it was introduced as default in 12.0( < 6 )T. In 12.0( => 6 )T
the default is to not send the stop record, but it's possible to configure it
with "aaa accounting stop-record authentication failure".

I seem to remember that the 3com NAS that you are using has this behaviour.

Félix

__
DATAGRAMA SERVICIOS GLOBALES IP
C/ Acer 30   Pho: +34 93 223 00 98
08038 Barcelona ( SPAIN )Fax: +34 93 223 12 66
mailto:[EMAIL PROTECTED]   http://www.datagrama.net
__




Re: (RADIATOR) PostAuthHook is processing my accounting records

2001-03-29 Thread Hugh Irvine


Hello Brett -

At 12:04 +1000 01/3/30, Brett Murphy wrote:
>Hi All,
>
>How do I stop my PostAuthHook subroutine from processing any Start 
>or Stop records?

You can either set up different Handlers:

# Handler for accounting


.


# Handler for authentication


.


Or you can add some code in your hook to deal with it - check the 
examples in the file "goodies/hooks.txt".

hth

Hugh

-- 

NB: I am travelling this week, so there may be delays in our correspondence.

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
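
An added example, not from any post in these threads and not Radiator's own code: a hook body that ignores accounting records except to free a lease on Stop, and adds Framed-IP-Address only when an Access-Request was accepted, so a rejected login never holds an address. The `code` accessor, `$main::ACCEPT`, the in-memory pool and the `Mock` package are assumptions, constructed so the script runs without Radiator.

```perl
use strict;
use warnings;
# Constructed stand-ins so the hook runs without Radiator installed.
# The result codes and the code() accessor are assumptions about Radiator.
our ($ACCEPT, $REJECT) = (0, 1);
$Radius::Radius::USER_NAME        = 1;     # RADIUS attribute numbers
$Radius::Radius::ACCT_STATUS_TYPE = 40;

package Mock;
sub new          { my ($class, %args) = @_; return bless {%args}, $class }
sub code         { $_[0]{code} }
sub getAttrByNum { $_[0]{attr}{ $_[1] } }
sub add_attr     { $_[0]{attr}{ $_[1] } = $_[2] }

package main;

my @free = ('212.87.203.1', '212.87.203.2');    # constructed pool
my %lease;                                       # user => leased address

my $hook = sub {
    my $p      = ${ $_[0] };    # current request
    my $q      = ${ $_[1] };    # reply packet being constructed
    my $result = ${ $_[2] };    # result of the authentication
    my $user   = $p->getAttrByNum($Radius::Radius::USER_NAME);
    if ($p->code eq 'Accounting-Request') {
        # Accounting: only a Stop matters, it returns the address to the pool.
        my $stat = $p->getAttrByNum($Radius::Radius::ACCT_STATUS_TYPE);
        push @free, delete $lease{$user} if $stat eq 'Stop' && exists $lease{$user};
        return;
    }
    return unless $p->code eq 'Access-Request' && $result == $main::ACCEPT;

    # Accepted login: lease an address and put it in the Access-Accept.
    my $ip = $lease{$user} // shift @free;
    return unless defined $ip;                   # pool exhausted, add nothing
    $lease{$user} = $ip;
    $q->add_attr('Framed-IP-Address', $ip);
};
# Constructed packets: rejected login, accepted login, Start, Stop.
for my $t (['Access-Request', $REJECT], ['Access-Request', $ACCEPT],
           ['Accounting-Request', $ACCEPT, 40 => 'Start'],
           ['Accounting-Request', $ACCEPT, 40 => 'Stop']) {
    my ($code, $result, %attr) = @$t;
    my $p = Mock->new(code => $code, attr => { 1 => 'bemar@bemarnet', %attr });
    my $q = Mock->new(attr => {});
    $hook->(\$p, \$q, \$result);
    printf "%-18s %-5s reply=%s free=%d\n", $code, $attr{40} // '',
        $q->{attr}{'Framed-IP-Address'} // 'none', scalar @free;
}
```

A Stop for a user with no lease, such as the stop-without-previous-start record mentioned in the IP address thread, leaves the pool unchanged because of the `exists` check.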




[RADIATOR] PostAuthHook isn't called from a TunnelledByTTLS=1 handler

2011-05-18 Thread René Hennequin
Hi all,

It looks like PostAuthHook isn't called from the TunnelledByTTLS=1 handler.
The handler:

# Remove realms and other things
RewriteUsername s/^([^@]+).*/$1/
# connect to LDAP for authentication
# may use both servers but first try local
MaxSessions 3

AuthByPolicy ContinueWhileIgnore

# host info
Host 1.1.1.1
Port 389
Version 3
NoDefault
# If LDAP timeout occurs wait 60 seconds before retry ( default = 600 seconds)
FailureBackoffTime 60
# use application specific user
AuthDN 
AuthPassword 
BaseDN dc=abc,dc=nl
# get the user
UsernameAttr uid
PasswordAttr userPassword
# return vlan id from ldap
AuthAttrDef ipNetworkNumber, Tunnel-Private-Group-ID, reply


PostAuthHook file:"%D/vlan-id-abc.pl"


The debug log:
Wed May 18 13:38:20 2011: DEBUG: LDAP got userPassword: {SSHA}
Wed May 18 13:38:20 2011: DEBUG: LDAP got ipNetworkNumber: 16
Wed May 18 13:38:20 2011: DEBUG: Radius::AuthLDAP2 looks for match with
abc [a...@abc.nl]
Wed May 18 13:38:20 2011: DEBUG: Radius::AuthLDAP2 ACCEPT: : abc
[a...@abc.nl]
Wed May 18 13:38:20 2011: DEBUG: AuthBy GROUP result: ACCEPT,
Wed May 18 13:38:20 2011: INFO: Access accepted for abc
Wed May 18 13:38:20 2011: DEBUG: Returned TTLS tunnelled Diameter Packet
dump:
Code:   Access-Accept
Identifier: UNDEF

Can someone confirm that PostAuthHook isn't called for TunnelledByTTLS=1
handlers?

Regards,
René Hennequin
Hogeschool van Amsterdam
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator


Re: [RADIATOR] PostAuthHook isn't called from a TunnelledByTTLS=1 handler

2011-05-18 Thread René Hennequin
Never mind, if the external script contains errors, the hook isn't
processed. It is displayed in the log at startup.

René

On 18-5-2011 14:11, René Hennequin wrote:
> Hi all,
>
> It looks like PostAuthHook isn't called from the TunnelledByTTLS=1 handler.
> The handler:
> 
> # Remove realms and other things
> RewriteUsername s/^([^@]+).*/$1/
> # connect to LDAP for authentication
> # may use both servers but first try local
> MaxSessions 3
> 
> AuthByPolicy ContinueWhileIgnore
> 
> # host info
> Host 1.1.1.1
> Port 389
> Version 3
> NoDefault
> # If LDAP timeout occurs wait 60 seconds before retry ( default = 600 seconds)
> FailureBackoffTime 60
> # use application specific user
> AuthDN 
> AuthPassword 
> BaseDN dc=abc,dc=nl
> # get the user
> UsernameAttr uid
> PasswordAttr userPassword
> # return vlan id from ldap
> AuthAttrDef ipNetworkNumber, Tunnel-Private-Group-ID, reply
> 
> 
> PostAuthHook file:"%D/vlan-id-abc.pl"
> 
>
> The debug log:
> Wed May 18 13:38:20 2011: DEBUG: LDAP got userPassword: {SSHA}
> Wed May 18 13:38:20 2011: DEBUG: LDAP got ipNetworkNumber: 16
> Wed May 18 13:38:20 2011: DEBUG: Radius::AuthLDAP2 looks for match with
> abc [a...@abc.nl]
> Wed May 18 13:38:20 2011: DEBUG: Radius::AuthLDAP2 ACCEPT: : abc
> [a...@abc.nl]
> Wed May 18 13:38:20 2011: DEBUG: AuthBy GROUP result: ACCEPT,
> Wed May 18 13:38:20 2011: INFO: Access accepted for abc
> Wed May 18 13:38:20 2011: DEBUG: Returned TTLS tunnelled Diameter Packet
> dump:
> Code:   Access-Accept
> Identifier: UNDEF
>
> Can someone confirm that PostAuthHook isn't called for TunnelledByTTLS=1
> handlers?
>
> Regards,
> René Hennequin
> Hogeschool van Amsterdam


Re: [RADIATOR] PostAuthHook isn't called from a TunnelledByTTLS=1 handler

2011-05-18 Thread Alan Buxey
Hi,

what version are you running - I know in much older versions there
was a small bug with PostAuthHook and handlers... however, are you sure
that this handler is the one being called (your debug doesn't fully show)
..and what happens if you put the PostAuthHook *inside* the group
AuthBy loop instead?

alan


Re: [RADIATOR] PostAuthHook isn't called from a TunnelledByTTLS=1 handler

2011-05-18 Thread Alan Buxey
Hi,
> Never mind, if the external script contains errors, the hook isn't
> processed. It is displayed in the log at startup.

oh, okay. handy - it'd be nice if it reported that ... eg
'ERR: Dodgy PostAuthHook script, so not running it'  :-)

alan