On Feb 22, 12:12am, Aaron Holtz wrote:
> Subject: (RADIATOR) Anyone know....
> How to get the user's group ID during the accouting phase? I don't think
> it would be difficult. I've made a small patch to radiator that makes
> auth'ing out of /etc/shadow emulate /etc/passwd in that the $user->{Group}
> hash is built during startup. This allows me to track and test a user
> for rejection based on their group ID in the password file in addition to
> their entry in /etc/group. I would also like to log into my sessionDB
> their group ID as well. The problem I'm having (I think) is how to get the
> hash value for the username to get the info out of the array that I want.
> In Handler.pm (around line 467) I can't simply do as a test:
>
> &main::log($main::LOG_DEBUG, "This user's group is: $name->{Group}");
>
> I get the error:
>
> Can't use string ("username") as a HASH ref while "strict
> refs" in use at .....
>
> The 'username' is replaced with the person's username. Anyone know how I
> can turn that username into a proper hash value to get the information I
> want? I would think there is a subroutine to pack that username (if that
> is the proper method) to get the info I want. Any help is appreciated!
> Thanks much.
Its really tricky to get the user record at that point in Handler.pm. In any
case, a succcessful authentication may have user more than one user record (in
th case of cascaded auths etc.
I think the best thing to do would be to add some code like this to your
patched Auth code in findUser(). Assuming you have the name or number of the
group the user is in, in $group:
$user->get_reply->add_attr('Class', $group);
Then if the user is accepted, the NAS will get a reply item of Class set to
your users group name/number. Then, any subsequent accouting requests for that
session will have Class set to the same value. Viola, you have the group ID in
the accouting requests. All you have to do is then is tuck it away somewher
useful.
Hope that helps.
Cheers.
>
> --------------------------------------------------------------------------
> Aaron Holtz
> ComNet Inc.
> Manager, Unix Systems Administration
> Email: [EMAIL PROTECTED]
> "It's not broken, it just lacks duct tape."
> --------------------------------------------------------------------------
>
>
>
>
> ===
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
>-- End of excerpt from Aaron Holtz
--
Mike McCauley [EMAIL PROTECTED]
Open System Consultants Pty. Ltd Unix, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia Consulting and development
Phone, Fax: +61 3 9598-0985 http://www.open.com.au
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, external, etc etc etc on Unix, Win95, NT, Rhapsody
===
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
