Re: (RADIATOR) PreHandlerHook

Fri, 17 Nov 2000 16:10:04 -0800 


Hello Lisa -

The hook code looks ok, but what are you doing with the attribute that you are
adding to the request? I can't see anything later in the configuration to deal
with it. BTW - you can always add "print" statements in your hook for debugging
purposes, or even better, add some logging at DEBUG level (see the example
goodies/hooks.txt in the distribution).

regards

Hugh

On Sat, 18 Nov 2000, Lisa Goulet wrote:
> Hi all,
> 
> I've implemented a PreHandlerHook for filtering out Calling-Station-Id. I
> used the code in one of the postings. It doesn't seem to be doing the
> filtering, there is no indication of the code being executed in the logfile.
> There are know errors when the radiator starts up. 
> 
> Here's the radmin.cfg file:
> 
> Foreground
> LogDir                .
> DbDir         .
> 
> Trace 4
> 
> # Secrets between clients
> <Client DEFAULT>
>       Secret  xxxxxxxx
> 
>          PreHandlerHook sub { \
>             my $calledid = ${$_[0]}->get_attr('Calling-Station-Id');\
>             if (${calledid} =~ /207505640|207505641/) {\
>                ${$_[0]}->add_attr('backbone','baduser'); return;\
>             }\
>          } 
> </Client>
> 
> 
> # Database for clients
> <ClientListSQL>
>       DBSource        dbi:Pg:dbname=radmin;host=xxx.xxx.xxx.xxx
>       DBUsername      radmin
>       DBAuth  xxxxxx
> </ClientListSQL>
> 
> 
> # IP address allocation
> <AddressAllocator SQL>
>         Identifier      SQLAllocator
> 
>       DBSource        dbi:Pg:dbname=radmin;host=xxx.xxx.xxx.xxx
>       DBUsername      radmin
>       DBAuth  xxxxxx
>         DefaultLeasePeriod      86400
> 
>         <AddressPool 207500370-213.35.248.144>
>                Subnetmask      255.255.255.255
>                DNSServer       62.58.62.133
>                Range           213.35.224.1 213.35.224.100
>        </AddressPool>
> 
> </AddressAllocator>
> 
> <AuthBy RADMIN>
>       Identifier      CheckRADMIN
>       # Change DBSource, DBUsername, DBAuth for your database
>       # See the reference manual. You will also have to
>       # change the one in <SessionDatabse SQL> below
>       # so its the same
>       DBSource        dbi:Pg:dbname=radmin;host=xxx.xxx.xxx.xxx
>       DBUsername      radmin
>       DBAuth  xxxxxx
> 
>       # You can add to or change these if you want, but you
>       # will probably want to change the database schema first
>       AccountingTable RADUSAGE
>       AcctColumnDef   USERNAME,User-Name
>       AcctColumnDef   TIME_STAMP,Timestamp,integer
>       AcctColumnDef   ACCTSTATUSTYPE,Acct-Status-Type,integer
>       AcctColumnDef   ACCTDELAYTIME,Acct-Delay-Time,integer
>       AcctColumnDef   ACCTINPUTOCTETS,Acct-Input-Octets,integer
>       AcctColumnDef   ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
>       AcctColumnDef   ACCTSESSIONID,Acct-Session-Id
>       AcctColumnDef   ACCTSESSIONTIME,Acct-Session-Time,integer
>       AcctColumnDef   ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer
>       AcctColumnDef   FRAMEDIPADDRESS,Framed-IP-Address
>       AcctColumnDef   NASIDENTIFIER,NAS-Identifier
>       AcctColumnDef   NASIDENTIFIER,NAS-IP-Address
>       AcctColumnDef   NASPORT,NAS-Port,integer
>       AcctColumnDef   DNIS,Called-Station-Id
> 
>       # This updates the time and octets left
>       # for this user
>       AcctSQLStatement update RADUSERS set \
>               TIMELEFT=TIMELEFT-0%{Acct-Session-Time}, \
>               OCTETSINLEFT=OCTETSINLEFT-0%{Acct-Input-Octets}, \
>               OCTETSOUTLEFT=OCTETSOUTLEFT-0%{Acct-Output-Octets} where \
>               USERNAME='%n'
> 
>       # These are the classic things to add to each users
>       # reply to allow a PPP dialup session. It may be
>       # different for your NAS. This will add some
>       # reply items to everyone's reply
>       AddToReply Framed-Protocol = PPP,\
>                       Framed-IP-Netmask = 255.255.255.255,\
>                       Framed-Routing = None,\
>               Service-Type = Framed-User,\
>               Ascend-Client-Primary-DNS = 62.58.62.132,\
>                       Framed-MTU = 1500
> </AuthBy>
> 
> 
> <SessionDatabase SQL>
>         # This database spec usually should be exactly the same
>         # as in <AuthBy RADMIN> above
>         DBSource        dbi:Pg:dbname=radmin;host=xxx.xxx.xxx.xxx
>         DBUsername      radmin
>         DBAuth          xxxxxx 
> </SessionDatabase>
> 
> 
> # check based on DNIS
> <Realm DEFAULT>
>       # check each in the list
>       AuthByPolicy ContinueWhileAccept
> 
>       # check port limits
>       <AuthBy PORTLIMITCHECK>
>               LimitQuery select maxports from portlimits \
>                     where DNIS='%{Called-Station-Id}'
>               CountQuery select COUNT(*) from RADONLINE \
>                     where DNIS='%{Called-Station-Id}'
>       </AuthBy>
> 
>       # allocate ip addresses
>       <AuthBy DYNADDRESS>
>               Allocator SQLAllocator
>               PoolHint %{Called-Station-Id}-%{NAS-IP-Address}
>       </AuthBy>
> 
>       # radmin does the rest (user, password etc)
>       AuthBy CheckRADMIN
> </Realm> 
> 
> 
> 
> 
> ===
> Archive at http://www.starport.net/~radiator/
> Announcements on [EMAIL PROTECTED]
> To unsubscribe, email '[EMAIL PROTECTED]' with
> 'unsubscribe radiator' in the body of the message.
-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.



===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.

Reply via email to