Hello Francisco -
Your hook code will run for every radius request matched by this Handler.
Your code should check to see if it is an accounting start or an accounting stop. If the request is an accounting start, then add a rule to the NAT list using the Framed-IP-Address in the request. If the request is an accounting stop, then remove the rule from the NAT list again using the Framed-IP-Address in the request.
regards
Hugh
On Thursday, Jul 17, 2003, at 20:31 Australia/Melbourne, Francisco Contreiras wrote:
I'm having some trouble finding out which example in hooks.txt should suit my needs:
- After the Authentication, run a script (perl, ...) to add a rule in IPTABLES adding the authenticated client IP to the NAT list; As far as I understood I should use:
    <Handler ....>
        <AuthBy ....>
            ....
        </AuthBy>
        PostAuthHook file:"perl_script"
    </Handler>
- To know the client IP, I need to use the <AddressAllocator DHCP> clause or can I stay with my DHCPD service?
- When the user disconnects from the network, how can I run another script to remove him from the IPTABLES list?
Best regards,
Francisco Contreiras
-----Original Message-----
From: Hugh Irvine [mailto:[EMAIL PROTECTED]
Sent: quinta-feira, 17 de Julho de 2003 3:23
To: Francisco Contreiras
Cc: [EMAIL PROTECTED]
Subject: Re: (RADIATOR) Radiator & IPTables integraton
Hello Francisco -
You can use a PostAuthHook to do whatever is required to add a dynamic rule to iptables.
There are some example hooks in the file "goodies/hooks.txt" in the Radiator distribution.
regards
Hugh
Is it possible to add a dynamic rule to Iptables allowing the authenticated user IP to be able to use NAT? How do I get the client information (IP assigned by DHCP or by Radiator) from Radiator?
Thanks,
Francisco Contreiras
-------------------------------------------------------
-- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. Ltd Unix, Perl, Motif, C++,TLS,24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955
Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP,TTLS, PEAP etc on Unix, Windows, MacOS etc.
=== Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening?
-- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.
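The accounting start/stop logic Hugh describes at the top of the thread, as an added example that is not part of the original messages or of the Radiator distribution. The iptables rule shape (POSTROUTING/MASQUERADE), the dry-run switch and the MockRequest stand-in are assumptions, as is the dictionary rendering Acct-Status-Type as 'Start' and 'Stop'.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Strict dotted-quad check so nothing but an IPv4 address reaches iptables.
sub valid_ipv4 {
    my ($ip) = @_;
    return 0 unless defined $ip;
    my @octets = $ip =~ /\A(\d{1,3})\.(\d{1,3})\.(\d{1,3})\.(\d{1,3})\z/
        or return 0;
    return (grep { $_ > 255 } @octets) ? 0 : 1;
}

# Map an accounting request to an iptables argument list; empty list means "do nothing".
sub nat_command {
    my ($status, $ip) = @_;
    my %action = (Start => '-A', Stop => '-D');   # add on start, delete on stop
    my $flag = $action{ $status // '' } or return;
    return unless valid_ipv4($ip);
    # Assumed rule shape; adapt the chain and target to the local NAT setup.
    return ('iptables', '-t', 'nat', $flag, 'POSTROUTING', '-s', $ip, '-j', 'MASQUERADE');
}

# Hook body: $p is the request packet; attributes are read with get_attr().
sub nat_hook {
    my ($p, $dry_run) = @_;
    my @cmd = nat_command($p->get_attr('Acct-Status-Type'),
                          $p->get_attr('Framed-IP-Address')) or return;
    return "@cmd" if $dry_run;
    # List-form system() bypasses the shell, so attribute values are never parsed as shell syntax.
    system(@cmd) == 0 or warn "iptables failed: $?\n";
    return "@cmd";
}

package MockRequest;   # hypothetical stand-in for a Radiator request packet
sub new      { my ($class, %attrs) = @_; return bless {%attrs}, $class }
sub get_attr { return $_[0]{ $_[1] } }

package main;
# Constructed sample requests: start, stop, interim update, malformed address.
for my $attrs (
    { 'Acct-Status-Type' => 'Start', 'Framed-IP-Address' => '10.0.0.23' },
    { 'Acct-Status-Type' => 'Stop',  'Framed-IP-Address' => '10.0.0.23' },
    { 'Acct-Status-Type' => 'Alive', 'Framed-IP-Address' => '10.0.0.23' },
    { 'Acct-Status-Type' => 'Start', 'Framed-IP-Address' => '10.0.0.999' },
) {
    my $cmd = nat_hook(MockRequest->new(%$attrs), 1);   # 1 = dry run, nothing executed
    print defined $cmd ? "$cmd\n" : "ignored\n";
}
```

Because the Handler runs the hook for every request it matches, requests without a usable Acct-Status-Type or Framed-IP-Address fall through without touching iptables.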
