On 27/12/2018 21.49, Eric W. Bates wrote:
# nagios tests
<Client netnagios-255>
Identifier Phred
Secret nagiosfoobar
ClientHook sub { \
${$_[0]}->set_identifier('Nagios-'. \
${$_[0]}->get_attr('Called-Station-Id')); \
}
</Client>
This does not work because it changes Radius message's identity field.
Client-Identifier in Hanlder refers to Identifier of Client clause that
matched the incoming Radius message.
You could consider something like this:
<Handler Client-Identifier=myvpn>
<AuthBy ...>
Identifier myvpn-authby
</AuthBy>
AuthLog authlog-for-vpnusers
</Handler>
<Handler Client-Identifier=netnagios-255,
Called-Station-Id=csi-for-vpncheck>
AuthBy myvpn-authby
AuthLog authlog-for-nagioscheck
</Handler>
This example allows you to have a Handler set up only for VPN use.
Nagios checks would use the same AuthBy, but would not, for example,
litter the actual VPN user authentication log.
Please let us know if this would work. There could be other ways to do
it, but I thought the above might be a good way to keep things separated
but still utilising the common configuration parts.
Thanks,
Heikki
--
Heikki Vatiainen <[email protected]>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, TACACS+, PAM, Active Directory,
EAP, TLS, TTLS, PEAP, WiMAX, RSA, Vasco, Yubikey, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, etc.
_______________________________________________
radiator mailing list
[email protected]
https://lists.open.com.au/mailman/listinfo/radiator
