Hi Robert -
A pretty easy way to do this is with multiple pseudo-attributes in the Class
attribute.
I’ve included an example below.
cheers
Hugh
configuration file:
# simple.cfg
#
# Example Radiator configuration file.
# This very simple file will allow you to get started with
# a simple system. You can then add and change features.
# We suggest you start simple, prove to yourself that it
# works and then develop a more complicated configuration.
#
# This example will authenticate from a standard users file in
# the current directory and log accounting to a file in the current
# directory.
# It will accept requests from any client and try to handle request
# for any realm.
# And it will print out what it's doing in great detail.
#
# See radius.cfg for more complete examples of features and
# syntax, and refer to the reference manual for a complete description
# of all the features and syntax.
#
# You should consider this file to be a starting point only
# $Id: simple.cfg,v 1.5 2015/06/02 19:37:27 hvn Exp $
Foreground
LogStdout
LogDir .
DbDir .
# Use a lower trace level in production systems:
Trace 4
# You will probably want to add other Clients to suit your site,
# one for each NAS you want to work with
<Client DEFAULT>
    Secret mysecret
    AddToRequest %{Class}
</Client>
<Handler Request-Type = Accounting-Request>
    AcctLogFileName %L/accounting
    <AuthBy INTERNAL>
        DefaultResult Accept
    </AuthBy>
</Handler>
<Handler>
    <AuthBy FILE>
        Filename %D/users
        AddToReply Class = "Tag1=one, Tag2=two, Tag3=three"
    </AuthBy>
    # Log accounting to a detail file
    AcctLogFileName %L/detail
</Handler>
radpwtst:
Radiator-4.19 hugh$ perl radpwtst -trace 4
Tue Nov 28 09:28:32 2017: DEBUG: Reading dictionary file './dictionary'
sending Access-Request
Tue Nov 28 09:28:32 2017: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 1645 ....
Code: Access-Request
Identifier: 155
Authentic: <140>i<194>LVG+.<25><150>k<195>o<197>#,
Attributes:
User-Name = "mikem"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Identifier = "203.63.154.1"
NAS-Port = 1234
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
NAS-Port-Type = Async
User-Password = <189>mS<168><247><30><166><128>=<22><142>\^B{!
Tue Nov 28 09:28:32 2017: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 1645 ....
Code: Access-Accept
Identifier: 155
Authentic: <144>v<164><146>iOc_<153><169>1t^<133><18><214>
Attributes:
Framed-Protocol = PPP
Service-Type = Framed-User
Class = "Tag1=one, Tag2=two, Tag3=three"
OK
sending Accounting-Request Start
Tue Nov 28 09:28:32 2017: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 1646 ....
Code: Accounting-Request
Identifier: 156
Authentic: <182><30>zuB+g<204><239><140>'<20>5<236><26><197>
Attributes:
User-Name = "mikem"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Identifier = "203.63.154.1"
NAS-Port = 1234
NAS-Port-Type = Async
Acct-Session-Id = "00001234"
Acct-Status-Type = Start
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
Acct-Delay-Time = 0
Class = "Tag1=one, Tag2=two, Tag3=three"
Tue Nov 28 09:28:32 2017: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 1646 ....
Code: Accounting-Response
Identifier: 156
Authentic: <174>m<226><234><143><205><162>&<255><139>k<239>q.p<182>
Attributes:
OK
sending Accounting-Request Stop
Tue Nov 28 09:28:32 2017: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 1646 ....
Code: Accounting-Request
Identifier: 157
Authentic: <26><189>_<221>G<232><230><204>V<252>*<3>}<18><198>I
Attributes:
User-Name = "mikem"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Identifier = "203.63.154.1"
NAS-Port = 1234
NAS-Port-Type = Async
Acct-Session-Id = "00001234"
Acct-Status-Type = Stop
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
Acct-Delay-Time = 0
Acct-Session-Time = 1000
Acct-Input-Octets = 20000
Acct-Output-Octets = 30000
Class = "Tag1=one, Tag2=two, Tag3=three"
Tue Nov 28 09:28:32 2017: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 1646 ....
Code: Accounting-Response
Identifier: 157
Authentic: 0'<148><171>i2<3>(/9<194>><203><161><142>n
Attributes:
OK
Server log:
Radiator-4.19 hugh$ perl radiusd -foreground -log_stdout -trace 4 -config
simple.cfg
Tue Nov 28 09:28:24 2017: DEBUG: Finished reading configuration file
'simple.cfg'
Tue Nov 28 09:28:24 2017: DEBUG: Reading dictionary file './dictionary'
Tue Nov 28 09:28:24 2017: INFO: Using Net::SSLeay 1.72 with SSL/TLS library
version 0x9081df (OpenSSL 0.9.8zh 14 Jan 2016)
Tue Nov 28 09:28:24 2017: INFO: SSL/TLS library version 0x9081df (OpenSSL
0.9.8zh 14 Jan 2016) does not support TLSv1.1 or TLSv1.2
Tue Nov 28 09:28:24 2017: DEBUG: This system is IPv6 capable. IPv6 capability
provided by: core
Tue Nov 28 09:28:24 2017: DEBUG: Creating authentication port 0.0.0.0:1645
Tue Nov 28 09:28:24 2017: DEBUG: Creating accounting port 0.0.0.0:1646
Tue Nov 28 09:28:24 2017: NOTICE: Server started: Radiator 4.19 on
TiTi.fritz.box
Tue Nov 28 09:28:32 2017: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 51871 ....
Code: Access-Request
Identifier: 155
Authentic: <140>i<194>LVG+.<25><150>k<195>o<197>#,
Attributes:
User-Name = "mikem"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Identifier = "203.63.154.1"
NAS-Port = 1234
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
NAS-Port-Type = Async
User-Password = <189>mS<168><247><30><166><128>=<22><142>\^B{!
Tue Nov 28 09:28:32 2017: DEBUG: Handling request with Handler '', Identifier ''
Tue Nov 28 09:28:32 2017: DEBUG: Deleting session for mikem, 203.63.154.1, 1234
Tue Nov 28 09:28:32 2017: DEBUG: Handling with Radius::AuthFILE:
Tue Nov 28 09:28:32 2017: DEBUG: Reading users file ./users
Tue Nov 28 09:28:32 2017: DEBUG: Radius::AuthFILE looks for match with mikem
[mikem]
Tue Nov 28 09:28:32 2017: DEBUG: Radius::AuthFILE ACCEPT: : mikem [mikem]
Tue Nov 28 09:28:32 2017: DEBUG: AuthBy FILE result: ACCEPT,
Tue Nov 28 09:28:32 2017: DEBUG: Access accepted for mikem
Tue Nov 28 09:28:32 2017: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 51871 ....
Code: Access-Accept
Identifier: 155
Authentic: <144>v<164><146>iOc_<153><169>1t^<133><18><214>
Attributes:
Framed-Protocol = PPP
Service-Type = Framed-User
Class = "Tag1=one, Tag2=two, Tag3=three"
Tue Nov 28 09:28:32 2017: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 51871 ....
Code: Accounting-Request
Identifier: 156
Authentic: <182><30>zuB+g<204><239><140>'<20>5<236><26><197>
Attributes:
User-Name = "mikem"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Identifier = "203.63.154.1"
NAS-Port = 1234
NAS-Port-Type = Async
Acct-Session-Id = "00001234"
Acct-Status-Type = Start
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
Acct-Delay-Time = 0
Class = "Tag1=one, Tag2=two, Tag3=three"
Tue Nov 28 09:28:32 2017: DEBUG: Handling request with Handler 'Request-Type =
Accounting-Request', Identifier ''
Tue Nov 28 09:28:32 2017: DEBUG: Adding session for mikem, 203.63.154.1, 1234
Tue Nov 28 09:28:32 2017: DEBUG: Handling with AuthINTERNAL:
Tue Nov 28 09:28:32 2017: DEBUG: AuthBy INTERNAL result: ACCEPT, Fixed by
DefaultResult
Tue Nov 28 09:28:32 2017: DEBUG: Accounting accepted
Tue Nov 28 09:28:32 2017: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 51871 ....
Code: Accounting-Response
Identifier: 156
Authentic: <174>m<226><234><143><205><162>&<255><139>k<239>q.p<182>
Attributes:
Tue Nov 28 09:28:32 2017: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 51871 ....
Code: Accounting-Request
Identifier: 157
Authentic: <26><189>_<221>G<232><230><204>V<252>*<3>}<18><198>I
Attributes:
User-Name = "mikem"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Identifier = "203.63.154.1"
NAS-Port = 1234
NAS-Port-Type = Async
Acct-Session-Id = "00001234"
Acct-Status-Type = Stop
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
Acct-Delay-Time = 0
Acct-Session-Time = 1000
Acct-Input-Octets = 20000
Acct-Output-Octets = 30000
Class = "Tag1=one, Tag2=two, Tag3=three"
Tue Nov 28 09:28:32 2017: DEBUG: Handling request with Handler 'Request-Type =
Accounting-Request', Identifier ''
Tue Nov 28 09:28:32 2017: DEBUG: Deleting session for mikem, 203.63.154.1, 1234
Tue Nov 28 09:28:32 2017: DEBUG: Handling with AuthINTERNAL:
Tue Nov 28 09:28:32 2017: DEBUG: AuthBy INTERNAL result: ACCEPT, Fixed by
DefaultResult
Tue Nov 28 09:28:32 2017: DEBUG: Accounting accepted
Tue Nov 28 09:28:32 2017: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 51871 ....
Code: Accounting-Response
Identifier: 157
Authentic: 0'<148><171>i2<3>(/9<194>><203><161><142>n
Attributes:
Accounting log:
Tue Nov 28 09:28:32 2017
User-Name = "mikem"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Identifier = "203.63.154.1"
NAS-Port = 1234
NAS-Port-Type = Async
Acct-Session-Id = "00001234"
Acct-Status-Type = Start
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
Acct-Delay-Time = 0
Class = "Tag1=one, Tag2=two, Tag3=three"
Tag1 = one
Tag2 = two
Tag3 = three
Timestamp = 1511821712
Tue Nov 28 09:28:32 2017
User-Name = "mikem"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Identifier = "203.63.154.1"
NAS-Port = 1234
NAS-Port-Type = Async
Acct-Session-Id = "00001234"
Acct-Status-Type = Stop
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
Acct-Delay-Time = 0
Acct-Session-Time = 1000
Acct-Input-Octets = 20000
Acct-Output-Octets = 30000
Class = "Tag1=one, Tag2=two, Tag3=three"
Tag1 = one
Tag2 = two
Tag3 = three
Timestamp = 1511821712
> On 28 Nov 2017, at 03:55, Robert Blayzor <[email protected]> wrote:
>
> We use Class pretty extensively to carry over a value from access requests
> into accounting requests, etc. Since “Class” is already used and appears you
> can only have one Class attribute; is there any other arbitrary RADIUS
> attribute that is supported in a session on the client? Looking to tag/mark
> sessions a certain way for logging purposes and would really rather not make
> a mess out of Class which is already being used.
>
> What we are trying to do is at access accept time tag/mark a session a
> certain way so that when accounting records come in, we can look for this
> attribute and log additional information based on that tag/mark.
>
> Ideas?
>
> --
> inoc.net!rblayzor
> XMPP: rblayzor.AT.inoc.net
> PGP: https://inoc.net/~rblayzor/
>
> _______________________________________________
> radiator mailing list
> [email protected]
> http://lists.open.com.au/mailman/listinfo/radiator
--
Hugh Irvine
[email protected]
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER, SIM, etc.
Full source on Unix, Linux, Windows, MacOSX, Solaris, VMS, NetWare etc.
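
A downstream check for the packed Class value shown in the message above, as an added example that is not part of the original message or of Radiator. Because the Class value in accounting is whatever the NAS echoes back, it parses detail-style accounting records and keeps only tags whose names and values pass a site allow-list; the sample records, `ALLOWED_TAGS` and `SAFE_VALUE` are constructed assumptions.

```python
import re

# Constructed sample, modelled on the accounting log format shown above.
SAMPLE_DETAIL = """\
Tue Nov 28 09:28:32 2017
    User-Name = "mikem"
    Acct-Session-Id = "00001234"
    Acct-Status-Type = Start
    Class = "Tag1=one, Tag2=two, Tag3=three"

Tue Nov 28 09:28:32 2017
    User-Name = "mikem"
    Acct-Session-Id = "00001234"
    Acct-Status-Type = Stop
    Class = "Tag1=one, Tag9=nine, Tag2=two words, junk"
"""

ALLOWED_TAGS = {"Tag1", "Tag2", "Tag3"}            # assumption: names this site issues
SAFE_VALUE = re.compile(r"[A-Za-z0-9_.:-]{1,64}")  # assumption: site value policy


def split_class(value):
    """Split 'a=b, c=d' into (accepted dict, rejected list of raw items)."""
    accepted, rejected = {}, []
    for item in value.split(","):
        item = item.strip()
        if not item:
            continue
        name, sep, val = (part.strip() for part in item.partition("="))
        ok = sep and name in ALLOWED_TAGS and name not in accepted
        if ok and SAFE_VALUE.fullmatch(val):
            accepted[name] = val
        else:
            rejected.append(item)  # unknown name, bad value, duplicate or no '='
    return accepted, rejected


def parse_detail(text):
    """Return one dict per record: its attributes plus validated Class tags."""
    records = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        rec = {"_when": lines[0].strip()}
        for line in lines[1:]:
            name, sep, val = line.strip().partition(" = ")
            if sep:
                rec[name] = val.strip('"')
        rec["_tags"], rec["_rejected"] = split_class(rec.get("Class", ""))
        records.append(rec)
    return records
```

Records with a non-empty `_rejected` list are the ones worth flagging before the tags drive any additional logging.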