Hello Pavel -
Yes I see your point.
Unfortunately, AuthBy FILE doesn’t have a way to do this, unlike AuthBy SQL for
example.
However, here is a simple way to do it:
<Handler>
    AuthByPolicy ContinueWhileAccept
    <AuthBy FILE>
        Filename %D/users.test1
    </AuthBy>
    <AuthBy GROUP>
        AddToRequest OSC-Group-Identifier = %{Reply:OSC-Group-Identifier}
        <AuthBy FILE>
            Filename %D/users.test2
        </AuthBy>
    </AuthBy>
</Handler>
Here are the users files I tested with:
# users.test1
hugh Password=hugh
    OSC-Group-Identifier = something

# users.test2
DEFAULT OSC-Group-Identifier=something
    Reply-Message = GREAT
and here is the DEBUG output:
Radiator-4.27-1 % perl radpwtst -user hugh -password hugh -noacct
sending Access-Request
4ff03830 Thu Feb 9 10:08:52 2023 354961: DEBUG: Packet dump:
4ff03830 *** Received from 127.0.0.1 port 58195 ....
4ff03830 Code: Access-Request
4ff03830 Identifier: 174
4ff03830 Authentic: RE&]<18><244>}V<187><227><128><248><247>NP<130>
4ff03830 Attributes:
4ff03830 User-Name = "hugh"
4ff03830 Service-Type = Framed-User
4ff03830 NAS-IP-Address = 203.63.154.1
4ff03830 NAS-Identifier = "203.63.154.1"
4ff03830 NAS-Port = 1234
4ff03830 Called-Station-Id = "123456789"
4ff03830 Calling-Station-Id = "987654321"
4ff03830 NAS-Port-Type = Async
4ff03830 User-Password = <162><243>5<150> <226>QY}u<209>b<168><30><153>5
4ff03830
4ff03830 Thu Feb 9 10:08:52 2023 355278: DEBUG: Handling request with Handler '', Identifier ''
4ff03830 Thu Feb 9 10:08:52 2023 355501: DEBUG: SessINTERNAL: Deleting session for hugh, 203.63.154.1, 1234
4ff03830 Thu Feb 9 10:08:52 2023 355722: DEBUG: Handling with Radius::AuthFILE:
4ff03830 Thu Feb 9 10:08:52 2023 356113: DEBUG: Reading users file ./users.test1
4ff03830 Thu Feb 9 10:08:52 2023 356684: DEBUG: Radius::AuthFILE looks for match with 'hugh' [hugh]
4ff03830 Thu Feb 9 10:08:52 2023 356905: DEBUG: Radius::AuthFILE ACCEPT: : 'hugh' [hugh]
4ff03830 Thu Feb 9 10:08:52 2023 357083: DEBUG: AuthBy FILE result: ACCEPT,
4ff03830 Thu Feb 9 10:08:52 2023 357214: DEBUG: Handling with Radius::AuthGROUP:
4ff03830 Thu Feb 9 10:08:52 2023 357438: DEBUG: Handling with Radius::AuthFILE:
4ff03830 Thu Feb 9 10:08:52 2023 357599: DEBUG: Reading users file ./users.test2
4ff03830 Thu Feb 9 10:08:52 2023 357979: DEBUG: Radius::AuthFILE looks for match with 'hugh' [hugh]
4ff03830 Thu Feb 9 10:08:52 2023 358117: DEBUG: Radius::AuthFILE REJECT: No such user: 'hugh' [hugh]
4ff03830 Thu Feb 9 10:08:52 2023 358286: DEBUG: Radius::AuthFILE looks for match with 'DEFAULT' [hugh]
4ff03830 Thu Feb 9 10:08:52 2023 358427: DEBUG: Radius::AuthFILE ACCEPT: : 'DEFAULT' [hugh]
4ff03830 Thu Feb 9 10:08:52 2023 358556: DEBUG: Radius::AuthGROUP: result: ACCEPT,
4ff03830 Thu Feb 9 10:08:52 2023 358676: DEBUG: AuthBy GROUP result: ACCEPT,
4ff03830 Thu Feb 9 10:08:52 2023 358801: DEBUG: Access accepted for hugh
4ff03830 Thu Feb 9 10:08:52 2023 359059: DEBUG: Packet dump:
4ff03830 *** Sending to 127.0.0.1 port 58195 ....
4ff03830 Code: Access-Accept
4ff03830 Identifier: 174
4ff03830 Authentic: <1>c<136><175><209>M<4><239><251><29><210><157>z<222><216>I
4ff03830 Attributes:
4ff03830 OSC-Group-Identifier = "something"
4ff03830 Reply-Message = "GREAT"
4ff03830
Hopefully that helps.
regards
Hugh
> On 9 Feb 2023, at 02:15, Pavel Krasotin via radiator
> <[email protected]> wrote:
>
> Hi All -
>
> what is the best way to add attributes to request?
> I would like to authenticate users from one file and add reply attributes
> from another selecting them by custom attribute, ex. My-User-Group.
>
> I've done this with PostAuthHook but I think it's ugly.
>
> Here is my config.
>
> radiator.cfg:
> ...
> <AuthBy FILE>
>     Identifier L2TP-USERS
>     Filename %D/conf.d/l2tp-users
>     PostAuthHook sub { \
>         my ($req, $rep, $handled, $reason) = @_; \
>         if (${$handled} == $main::ACCEPT && ${$req}->code() eq 'Access-Request') \
>         { \
>             my $my_group = ${$rep}->get_attr('My-User-Group'); \
>             &main::log($main::LOG_DEBUG, "Group: " . $my_group); \
>             if ($my_group) { \
>                 ${$req}->add_attr('My-User-Group', $my_group); \
>             } \
>         } \
>     };
> </AuthBy>
>
> <AuthBy FILE>
>     AuthenticateAttribute My-User-Group
>     Identifier L2TP-PROFILE
>     Filename %D/conf.d/l2tp-profile
> </AuthBy>
>
> <AuthBy GROUP>
>     Identifier LOGINUSER
>     AuthByPolicy ContinueUntilReject
>     AuthBy L2TP-USERS
>     AuthBy L2TP-PROFILE
> </AuthBy>
>
> <Handler Service-Type = Framed-User>
>     AuthBy LOGINUSER
>     ...
>     StripFromReply My-User-Group
> </Handler>
>
> conf.d/l2tp-users:
> user User-Password="password"
>     My-User-Group="l2tp"
>
> conf.d/l2tp-profile:
> l2tp
>     Service-Type = Framed-User,
>     Framed-Protocol = PPP
>
> --
> Best wishes
> Pavel
>
>
> _______________________________________________
> radiator mailing list
> [email protected]
> https://lists.open.com.au/mailman/listinfo/radiator
--
Hugh Irvine
[email protected] <mailto:[email protected]>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER, SIM, etc.
Full source on Unix, Linux, Windows, macOS, Solaris, VMS, NetWare etc.
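
The AddToRequest approach from the reply above, applied to the names in Pavel's quoted configuration, as an added example that is not part of the original thread or of either poster's configuration. It assumes My-User-Group is defined in the dictionary as in Pavel's setup and that both users files stay exactly as he quoted them; the only changes are that the PostAuthHook is replaced by AddToRequest and the second lookup is wrapped in its own AuthBy GROUP.

```conf
# radiator.cfg (assumed layout; identifiers and file names from the quoted config)
<Handler Service-Type = Framed-User>
    # Run the AuthBy clauses in order, stopping at the first one
    # that does not ACCEPT
    AuthByPolicy ContinueWhileAccept

    # Stage 1: check the password against l2tp-users. The matching
    # entry's reply item My-User-Group is placed in the reply.
    <AuthBy FILE>
        Identifier L2TP-USERS
        Filename %D/conf.d/l2tp-users
    </AuthBy>

    # Stage 2: copy the group from the stage 1 reply into the request,
    # then look up the profile entry named by that attribute.
    # This replaces the PostAuthHook.
    <AuthBy GROUP>
        AddToRequest My-User-Group = %{Reply:My-User-Group}
        <AuthBy FILE>
            Identifier L2TP-PROFILE
            AuthenticateAttribute My-User-Group
            Filename %D/conf.d/l2tp-profile
        </AuthBy>
    </AuthBy>

    # In the test output above, OSC-Group-Identifier is returned in the
    # Access-Accept. The group attribute is only an internal selector,
    # so remove it before the reply is sent to the NAS.
    StripFromReply My-User-Group
</Handler>
```

Test it with radpwtst as in the reply above, including a user whose l2tp-users entry has no My-User-Group, to confirm that such a request is rejected rather than accepted without a profile.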