Hello Francisco -
The Handler that you show below, and the PostAuthHook within it will be executed for the access request, the accounting start and the accounting stop (and any other accounting requests like Alives, etc.) that match the Handler condition.
Your hook code will need to check the request packet and take different actions for the different types of request.
regards
Hugh
On Wednesday, Jul 23, 2003, at 20:00 Australia/Melbourne, fcontreiras wrote:
Hi Hugh,
I kow how to run a hook code when a Radius request is made and an accounting start ocours,
<Handler ....> <AuthBy ....> .... </AuthBy> PostAuthHook file:"perl_script" </Handler>
but how can I run a hook code when a accounting stop ocours? the same script is executed?
Thank's
Francisco Contreiras
----------------------------------------------------------------------- --------------
Hello Francisco -
Your hook code will run for every radius request matched by this Handler.
Your code should check to see if it is an accounting start or an accounting stop. If the request is an accounting start, then add a rule to the NAT list using the Framed-IP-Address in the request. If the request is an accounting stop, then remove the rule from the NAT list again using the Framed-IP-Address in the request.
regards
Hugh
On Thursday, Jul 17, 2003, at 20:31 Australia/Melbourne, Francisco Contreiras wrote:
I'm having some trouble finding out witch example in hooks.txt should suit my needs:
- After the Authentication, run a script (perl, ...) to add a rule in
IPTABLES adding the authenticated client IP to the NAT list;
As far as I understood I should use:
<Handler ....>
<AuthBy ....>
....
</AuthBy>
PostAuthHook file:"perl_script"
</Handler>
- To know the witch client IP I need to use the <AddressAllocator DHCP>
clause or can I stay witch my DHCPD service?
- When user disconnects form the network, how can I run another script
to remove him from the IPTABLES list?
Best regards,
Francisco Contreiras
-----Original Message----- From: Hugh Irvine [mailto:[EMAIL PROTECTED] Sent: quinta-feira, 17 de Julho de 2003 3:23 To: Francisco Contreiras Cc: [EMAIL PROTECTED] Subject: Re: (RADIATOR) Radiator & IPTables integraton
Hello Francisco -
You can use a PostAuthHook to do whatever is required to add a dynamic rule to iptables.
There are some example hooks in the file "goodies/hooks.txt" in the Radiator distribution.
regards
Hugh
WWW
Is it possible to add a dynamic rule to Iptables allowing the authenticated user IP to be able to use NAT. How do I get the client information (IP assigned by DHCP or by Radiator) from Radiator.
Thank's Francisco Contreiras
-------------------------------------------------------
-- Mike McCauley [EMAIL PROTECTED] Open System Consultants Pty. Ltd Unix, Perl, Motif, C++,TLS,24 Bateman St Hampton, VIC 3188 Australia http://www.open.com.au Phone +61 3 9598-0985 Fax +61 3 9598-0955
Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP,TTLS, PEAP etc on Unix, Windows, MacOS etc.
=== Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening?
-- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.
=== Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening?
-- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.
=== Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening?
-- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.
=== Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
