Hi Robert -

A pretty easy way to do this is with multiple pseudo-attributes in the Class 
attribute.

I’ve included an example below.

cheers

Hugh


configuration file:

# simple.cfg
#
# Example Radiator configuration file.
# This very simple file will allow you to get started with 
# a simple system. You can then add and change features.
# We suggest you start simple, prove to yourself that it
# works and then develop a more complicated configuration.
#
# This example will authenticate from a standard users file in
# the current directory and log accounting to a file in the current
# directory.
# It will accept requests from any client and try to handle request
# for any realm.
# And it will print out what its doing in great detail.
#
# See radius.cfg for more complete examples of features and
# syntax, and refer to the reference manual for a complete description
# of all the features and syntax.
#
# You should consider this file to be a starting point only
# $Id: simple.cfg,v 1.5 2015/06/02 19:37:27 hvn Exp $

Foreground
LogStdout
LogDir          .
DbDir           .
# User a lower trace level in production systems:
Trace           4

# You will probably want to add other Clients to suit your site,
# one for each NAS you want to work with
<Client DEFAULT>
        Secret  mysecret
        AddToRequest %{Class}
</Client>

<Handler Request-Type = Accounting-Request>
        AcctLogFileName %L/accounting
        <AuthBy INTERNAL>
                DefaultResult Accept
        </AuthBy>
</Handler>

<Handler>
        <AuthBy FILE>
                Filename %D/users
                AddToReply Class = "Tag1=one, Tag2=two, Tag3=three"
        </AuthBy>
        # Log accounting to a detail file
        AcctLogFileName %L/detail
</Handler>


radpwtst:

Radiator-4.19 hugh$ perl radpwtst -trace 4
Tue Nov 28 09:28:32 2017: DEBUG: Reading dictionary file './dictionary'
sending Access-Request
Tue Nov 28 09:28:32 2017: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 1645 ....
Code:       Access-Request
Identifier: 155
Authentic:  <140>i<194>LVG+.<25><150>k<195>o<197>#,
Attributes:
        User-Name = "mikem"
        Service-Type = Framed-User
        NAS-IP-Address = 203.63.154.1
        NAS-Identifier = "203.63.154.1"
        NAS-Port = 1234
        Called-Station-Id = "123456789"
        Calling-Station-Id = "987654321"
        NAS-Port-Type = Async
        User-Password = <189>mS<168><247><30><166><128>=<22><142>\^B{!

Tue Nov 28 09:28:32 2017: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 1645 ....
Code:       Access-Accept
Identifier: 155
Authentic:  <144>v<164><146>iOc_<153><169>1t^<133><18><214>
Attributes:
        Framed-Protocol = PPP
        Service-Type = Framed-User
        Class = "Tag1=one, Tag2=two, Tag3=three"

OK
sending Accounting-Request Start
Tue Nov 28 09:28:32 2017: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 1646 ....
Code:       Accounting-Request
Identifier: 156
Authentic:  <182><30>zuB+g<204><239><140>'<20>5<236><26><197>
Attributes:
        User-Name = "mikem"
        Service-Type = Framed-User
        NAS-IP-Address = 203.63.154.1
        NAS-Identifier = "203.63.154.1"
        NAS-Port = 1234
        NAS-Port-Type = Async
        Acct-Session-Id = "00001234"
        Acct-Status-Type = Start
        Called-Station-Id = "123456789"
        Calling-Station-Id = "987654321"
        Acct-Delay-Time = 0
        Class = "Tag1=one, Tag2=two, Tag3=three"

Tue Nov 28 09:28:32 2017: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 1646 ....
Code:       Accounting-Response
Identifier: 156
Authentic:  <174>m<226><234><143><205><162>&<255><139>k<239>q.p<182>
Attributes:

OK
sending Accounting-Request Stop
Tue Nov 28 09:28:32 2017: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 1646 ....
Code:       Accounting-Request
Identifier: 157
Authentic:  <26><189>_<221>G<232><230><204>V<252>*<3>}<18><198>I
Attributes:
        User-Name = "mikem"
        Service-Type = Framed-User
        NAS-IP-Address = 203.63.154.1
        NAS-Identifier = "203.63.154.1"
        NAS-Port = 1234
        NAS-Port-Type = Async
        Acct-Session-Id = "00001234"
        Acct-Status-Type = Stop
        Called-Station-Id = "123456789"
        Calling-Station-Id = "987654321"
        Acct-Delay-Time = 0
        Acct-Session-Time = 1000
        Acct-Input-Octets = 20000
        Acct-Output-Octets = 30000
        Class = "Tag1=one, Tag2=two, Tag3=three"

Tue Nov 28 09:28:32 2017: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 1646 ....
Code:       Accounting-Response
Identifier: 157
Authentic:  0'<148><171>i2<3>(/9<194>><203><161><142>n
Attributes:

OK


Server log:

Radiator-4.19 hugh$ perl radiusd -foreground -log_stdout -trace 4 -config 
simple.cfg 
Tue Nov 28 09:28:24 2017: DEBUG: Finished reading configuration file 
'simple.cfg'
Tue Nov 28 09:28:24 2017: DEBUG: Reading dictionary file './dictionary'
Tue Nov 28 09:28:24 2017: INFO: Using Net::SSLeay 1.72 with SSL/TLS library 
version 0x9081df (OpenSSL 0.9.8zh 14 Jan 2016)
Tue Nov 28 09:28:24 2017: INFO: SSL/TLS library version 0x9081df (OpenSSL 
0.9.8zh 14 Jan 2016) does not support TLSv1.1 or TLSv1.2
Tue Nov 28 09:28:24 2017: DEBUG: This system is IPv6 capable. IPv6 capability 
provided by: core
Tue Nov 28 09:28:24 2017: DEBUG: Creating authentication port 0.0.0.0:1645
Tue Nov 28 09:28:24 2017: DEBUG: Creating accounting port 0.0.0.0:1646
Tue Nov 28 09:28:24 2017: NOTICE: Server started: Radiator 4.19 on 
TiTi.fritz.box
Tue Nov 28 09:28:32 2017: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 51871 ....
Code:       Access-Request
Identifier: 155
Authentic:  <140>i<194>LVG+.<25><150>k<195>o<197>#,
Attributes:
        User-Name = "mikem"
        Service-Type = Framed-User
        NAS-IP-Address = 203.63.154.1
        NAS-Identifier = "203.63.154.1"
        NAS-Port = 1234
        Called-Station-Id = "123456789"
        Calling-Station-Id = "987654321"
        NAS-Port-Type = Async
        User-Password = <189>mS<168><247><30><166><128>=<22><142>\^B{!

Tue Nov 28 09:28:32 2017: DEBUG: Handling request with Handler '', Identifier ''
Tue Nov 28 09:28:32 2017: DEBUG:  Deleting session for mikem, 203.63.154.1, 1234
Tue Nov 28 09:28:32 2017: DEBUG: Handling with Radius::AuthFILE: 
Tue Nov 28 09:28:32 2017: DEBUG: Reading users file ./users
Tue Nov 28 09:28:32 2017: DEBUG: Radius::AuthFILE looks for match with mikem 
[mikem]
Tue Nov 28 09:28:32 2017: DEBUG: Radius::AuthFILE ACCEPT: : mikem [mikem]
Tue Nov 28 09:28:32 2017: DEBUG: AuthBy FILE result: ACCEPT, 
Tue Nov 28 09:28:32 2017: DEBUG: Access accepted for mikem
Tue Nov 28 09:28:32 2017: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 51871 ....
Code:       Access-Accept
Identifier: 155
Authentic:  <144>v<164><146>iOc_<153><169>1t^<133><18><214>
Attributes:
        Framed-Protocol = PPP
        Service-Type = Framed-User
        Class = "Tag1=one, Tag2=two, Tag3=three"

Tue Nov 28 09:28:32 2017: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 51871 ....
Code:       Accounting-Request
Identifier: 156
Authentic:  <182><30>zuB+g<204><239><140>'<20>5<236><26><197>
Attributes:
        User-Name = "mikem"
        Service-Type = Framed-User
        NAS-IP-Address = 203.63.154.1
        NAS-Identifier = "203.63.154.1"
        NAS-Port = 1234
        NAS-Port-Type = Async
        Acct-Session-Id = "00001234"
        Acct-Status-Type = Start
        Called-Station-Id = "123456789"
        Calling-Station-Id = "987654321"
        Acct-Delay-Time = 0
        Class = "Tag1=one, Tag2=two, Tag3=three"

Tue Nov 28 09:28:32 2017: DEBUG: Handling request with Handler 'Request-Type = 
Accounting-Request', Identifier ''
Tue Nov 28 09:28:32 2017: DEBUG:  Adding session for mikem, 203.63.154.1, 1234
Tue Nov 28 09:28:32 2017: DEBUG: Handling with AuthINTERNAL: 
Tue Nov 28 09:28:32 2017: DEBUG: AuthBy INTERNAL result: ACCEPT, Fixed by 
DefaultResult
Tue Nov 28 09:28:32 2017: DEBUG: Accounting accepted
Tue Nov 28 09:28:32 2017: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 51871 ....
Code:       Accounting-Response
Identifier: 156
Authentic:  <174>m<226><234><143><205><162>&<255><139>k<239>q.p<182>
Attributes:

Tue Nov 28 09:28:32 2017: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 51871 ....
Code:       Accounting-Request
Identifier: 157
Authentic:  <26><189>_<221>G<232><230><204>V<252>*<3>}<18><198>I
Attributes:
        User-Name = "mikem"
        Service-Type = Framed-User
        NAS-IP-Address = 203.63.154.1
        NAS-Identifier = "203.63.154.1"
        NAS-Port = 1234
        NAS-Port-Type = Async
        Acct-Session-Id = "00001234"
        Acct-Status-Type = Stop
        Called-Station-Id = "123456789"
        Calling-Station-Id = "987654321"
        Acct-Delay-Time = 0
        Acct-Session-Time = 1000
        Acct-Input-Octets = 20000
        Acct-Output-Octets = 30000
        Class = "Tag1=one, Tag2=two, Tag3=three"

Tue Nov 28 09:28:32 2017: DEBUG: Handling request with Handler 'Request-Type = 
Accounting-Request', Identifier ''
Tue Nov 28 09:28:32 2017: DEBUG:  Deleting session for mikem, 203.63.154.1, 1234
Tue Nov 28 09:28:32 2017: DEBUG: Handling with AuthINTERNAL: 
Tue Nov 28 09:28:32 2017: DEBUG: AuthBy INTERNAL result: ACCEPT, Fixed by 
DefaultResult
Tue Nov 28 09:28:32 2017: DEBUG: Accounting accepted
Tue Nov 28 09:28:32 2017: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 51871 ....
Code:       Accounting-Response
Identifier: 157
Authentic:  0'<148><171>i2<3>(/9<194>><203><161><142>n
Attributes:


Accounting log:

Tue Nov 28 09:28:32 2017
        User-Name = "mikem"
        Service-Type = Framed-User
        NAS-IP-Address = 203.63.154.1
        NAS-Identifier = "203.63.154.1"
        NAS-Port = 1234
        NAS-Port-Type = Async
        Acct-Session-Id = "00001234"
        Acct-Status-Type = Start
        Called-Station-Id = "123456789"
        Calling-Station-Id = "987654321"
        Acct-Delay-Time = 0
        Class = "Tag1=one, Tag2=two, Tag3=three"
        Tag1 = one
        Tag2 = two
        Tag3 = three
        Timestamp = 1511821712

Tue Nov 28 09:28:32 2017
        User-Name = "mikem"
        Service-Type = Framed-User
        NAS-IP-Address = 203.63.154.1
        NAS-Identifier = "203.63.154.1"
        NAS-Port = 1234
        NAS-Port-Type = Async
        Acct-Session-Id = "00001234"
        Acct-Status-Type = Stop
        Called-Station-Id = "123456789"
        Calling-Station-Id = "987654321"
        Acct-Delay-Time = 0
        Acct-Session-Time = 1000
        Acct-Input-Octets = 20000
        Acct-Output-Octets = 30000
        Class = "Tag1=one, Tag2=two, Tag3=three"
        Tag1 = one
        Tag2 = two
        Tag3 = three
        Timestamp = 1511821712


> On 28 Nov 2017, at 03:55, Robert Blayzor <rblayzor.b...@inoc.net> wrote:
> 
> We use Class pretty extensively to carry over a value from access requests 
> into accounting requests, etc. Since “Class” is already used and appears you 
> can only have one Class attribute; is there any other arbitrary RADIUS 
> attribute that is supported in a session on the client? Looking to tag/mark 
> sessions a certain way for logging purposes and would really rather not make 
> a mess out of Class which is already being used.
> 
> What we are trying to do is at access accept time tag/mark a session a 
> certain what so that when accounting records come in, we can look for this 
> attribute and log additional information based on that tag/mark.
> 
> Ideas?
> 
> --
> inoc.net!rblayzor
> XMPP: rblayzor.AT.inoc.net
> PGP:  https://inoc.net/~rblayzor/
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> 
> _______________________________________________
> radiator mailing list
> radiator@lists.open.com.au
> http://lists.open.com.au/mailman/listinfo/radiator


--

Hugh Irvine
h...@open.com.au

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, 
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER, SIM, etc. 
Full source on Unix, Linux, Windows, MacOSX, Solaris, VMS, NetWare etc.

_______________________________________________
radiator mailing list
radiator@lists.open.com.au
http://lists.open.com.au/mailman/listinfo/radiator

Reply via email to