The problem is, that I can define only one calling-station-id in the check attributes. But the user is allowed to call from up to fife numbers.
> -----Original Message----- > From: Hugh Irvine [mailto:[EMAIL PROTECTED]] > Sent: Friday, January 11, 2002 2:38 AM > To: Atto Lorenz; [EMAIL PROTECTED] > Cc: Atto Lorenz; [EMAIL PROTECTED] > Subject: Re: (RADIATOR) problem with changing attributes during an > PreAuthHook > > > > Hello Atto - > > Why don't you just use a check item in the user definition? > > someuser Calling-Station-Id = 11223344 > > Your AuthBy SQL clause would look something like this: > > <AuthBy SQL> > ..... > AuthSelect select PASSWORD, CHECKATTR, REPLYATTR \ > from SUBSCRIBERS where USERNAME = '%n' > AuthColumnDef 0, Password, check > AuthColumnDef 1, GENERIC, check > AuthColumnDef 2, GENERIC, reply > ..... > </AuthBy> > > BTW - the latest version of Radiator is 2.19 and you should > really consider > upgrading. > > Have a look at section 6.28 in the Radiator 2.19 reference manual. > > regards > > Hugh > > > On Thu, 10 Jan 2002 20:31, Atto Lorenz wrote: > > Hi, > > > > today I tried to write an PreAuthHook, which checks the > Calling-Station-ID. > > I have stored the telephonenumbers also in the database. > > > > The idea to check the calling_station_id was to compare the > > calling_station_id from the user with the calling_station_ids from the > > database. If the calling_staton_id from the user don't match one number > > from the database, the hook change the password from the user and the > > normal following authentication fails/reject's the user. > > > > At first I tested the hook with radpwtst script. With the > script the hook > > reject a user if the calling_station_id is wrong. So all was > working fine. > > The next step was to test it with a real NAS. But with this > test the hook > > didn�t work. In the debug log and the accounting data I can see > if I change > > attributes but the NAS get always an Access-Accept. > > > > Must I use an other command the change attributes? I tried it with > > ${$_[0]}->change_attr('....') and with ${$_[1]}->change_attr('...') > > > > An other idea was the use a PostAuthHook and use the > > ${$_[1]}->set_code('Access-Reject'). But this solution also didn't work. > > > > Are there any bugs in the Radiator version 2.16, which damages > the hook's? > > I looked in the history of the next versions but I can't find > any relevant > > information�s. > > > > # > > # PreAuthHook for Radiator > > # > > # Check if the caller_id is ok and deny or permit the user > > # > > sub > > { > > my $request = ${$_[0]}; > > my $reply = ${$_[1]}; > > > > # Get Username and split it in username and realmname > > my($realmusername)=$request->getUserName(); > > my($username,$realmname)=$realmusername=~/^(.+?)@(.+?)$/; > > my($dialok)=1; > > > > # Get Calling-Station-Id if not exist quit > > > my($calling_station_id)=$request->get_attr('Calling-Station-Id'); > > if(!$calling_station_id) > > { > > return(); > > } > > > > # get the caller_id from database if caller_id not exist quit > > my($authby_handle)= Radius::AuthGeneric::find('callerid'); > > my($query)= "select * from snapshot where > loginname='$username' AND > > realmname='$realmname'"; > > my($sth)= $authby_handle->prepareAndExecute($query); > > my($val)=$sth->fetchrow_hashref(); > > > > if(!$val->{caller_id}) > > { > > return(); > > } > > > > # check if caller_id is ok > > my(@callerid)=split(/,/,$val->{caller_id}); > > $calling_station_id=~s/^0*//; > > foreach(@callerid) > > { > > $dialok=0; > > s/^0*//; > > if($_ eq $calling_station_id) > > { > > $dialok=1; > > last; > > } > > } > > > > # if wrong calling_station_id change the password > > if ( not $dialok ) { > > ${$_[0]}->change_attr('User-Password',"xxx"); > > ${$_[1]}->change_attr('User-Password',"xxx"); > > #$reply->set_code ('Access-Reject'); > > } > > > > === > > Archive at http://www.open.com.au/archives/radiator/ > > Announcements on [EMAIL PROTECTED] > > To unsubscribe, email '[EMAIL PROTECTED]' with > > 'unsubscribe radiator' in the body of the message. > > -- > Radiator: the most portable, flexible and configurable RADIUS server > anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. > - > Nets: internetwork inventory and management - graphical, extensible, > flexible with hardware, software, platform and database independence. > === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
