Hello Ganbold -
Yes you can do as you show below, but you will probably need to use an AuthByPolicy to control the execution of the AuthBy clauses. See section 6.23.1 in the Radiator 3.6 reference manual.
regards
Hugh
On Wednesday, Aug 20, 2003, at 13:22 Australia/Melbourne, Ganbold wrote:
Hi Hugh,
So it means that I can use external program instead of hooks?
I attached 2 config files, one uses hooks and another on supposed to use external program.
Is the new config that uses external program suppose to do same thing as previous config with hooks?
Below is new config file that suppose to use external program:
----------------------------------------------------------------------- ---------------------------------------------------
Foreground
Trace 4
AuthPort 1645 AcctPort 1646
LogDir /var/log/radius LogFile %L/logfilevoice
DictionaryFile /usr/home/tsgan/Radiator-3.6/dictionary
<Client xxx.xxx.xxx.xxx> Secret xxx NasType Cisco SNMPCommunity xxx StatusServerShowClientDetails </Client>
# authby clause for ACCOUNTING <AuthBy SQL> DBSource dbi:mysql:db:localhost DBUsername dbuser DBAuth dbpass
Identifier VoipSQLAcctOnly
AuthSelect
AccountingTable voip_accounting AccountingStopsOnly
AcctColumnDef nasipaddress,NAS-IP-Address AcctColumnDef cisco_nas_port,Cisco-NAS-Port AcctColumnDef card_number,User-Name
</AuthBy>
# authby clause for credit_time <AuthBy SQL> DBSource dbi:mysql:db:localhost DBUsername dbuser DBAuth dbpass
Identifier CreditTime
AuthSelect select pin,concat('h323-credit-amount=',creditamount),'h323-return- code=0','h323-preferred-lang=en','h323-billing-model=1' from cards where cardnumber='%n' and status='Active' and pin is not null
AuthColumnDef 0, Password, check AuthColumnDef 2, cisco-h323-return-code, reply
AccountingTable
DefaultSimultaneousUse 1 RejectEmptyPassword
</AuthBy>
# authby clause for first second authorizarion <AuthBy SQL> DBSource dbi:mysql:db:localhost DBUsername dbuser DBAuth dbpass
Identifier CreditAmount
AuthSelect select pin,concat('h323-credit-amount=',creditamount),'h323-return- code=0','h323-preferred-lang=en','h323-billing-model=1' from cards where cardnumber='%n' and status='Active' and pin is not null
AuthColumnDef 0, Password, check AuthColumnDef 1, cisco-h323-credit-amount, reply AuthColumnDef 2, cisco-h323-return-code, reply AuthColumnDef 3, cisco-h323-preferred-lang, reply AuthColumnDef 4, cisco-h323-billing-model, reply
AccountingTable
DefaultSimultaneousUse 1 RejectEmptyPassword
</AuthBy>
# authby clause for transfer balance <AuthBy SQL> DBSource dbi:mysql:db:localhost DBUsername dbuser DBAuth dbpass
Identifier SqlTransferBal
AuthSelect select concat('h323-credit-amount=',creditamount),'h323-return-code=0' from cards where locate(cardnumber,'%n')=1 and creditamount >= trim(substring('%{cisco-h323-credit-amount}',locate('=','%{cisco-h323- credit-amount}')+1)) and status='Active'
AuthColumnDef 0, cisco-h323-credit-amount, reply AuthColumnDef 1, cisco-h323-return-code, reply
AccountingTable
DefaultSimultaneousUse 1 RejectEmptyPassword
</AuthBy>
<AuthBy EXTERNAL> Identifier CalculateCreditAmountUsed Command /usr/local/bin/CalculateCreditAmountUsed </AuthBy>
<AuthBy EXTERNAL> Identifier CalculateCreditTime Command /usr/local/bin/CalculateCreditTime </AuthBy>
<AuthBy EXTERNAL> Identifier TransferBalance Command /usr/local/bin/TransferBalance </AuthBy>
<AuthBy EXTERNAL> Identifier ChangePin Command /usr/local/bin/ChangePin </AuthBy>
<AuthBy EXTERNAL> Identifier CheckPrepaidVoip Command /usr/local/bin/CheckPrepaidVoip </AuthBy>
<Handler Request-Type = Accounting-Request, User-Name = /^([0-9])+$/> AuthBy CalculateCreditAmountUsed AuthBy VoipSQLAcctOnly </Handler>
<Handler User-Name = /^([0-9])+%([0-9])+$/> RejectHasReason AccountingHandled AuthBy SqlTransferBal AuthBy TransferBalance </Handler>
<Handler Called-Station-Id = /^([0-9])+$/> RejectHasReason AccountingHandled AuthBy CreditTime AuthBy CalculateCreditTime </Handler>
<Handler> AuthBy ChangePin RejectHasReason AccountingHandled SessionDatabase SQL1 AuthBy CreditAmount AuthBy CheckPrepaidVoip </Handler>
<SessionDatabase SQL> DBSource dbi:mysql:db:localhost DBUsername dbuser DBAuth dbpass
Identifier SQL1
AddQuery
DeleteQuery
ClearNasQuery delete from voip_online where NASIDENTIFIER='%N'
CountQuery
</SessionDatabase>
----------------------------------------------------------------------- ---------------------------------------------------
Below is the original config file with hooks
----------------------------------------------------------------------- ----------------------------------------------------
Foreground
Trace 4
AuthPort 1645 AcctPort 1646
LogDir /var/log/radius LogFile %L/logfilevoice
DictionaryFile /usr/home/tsgan/Radiator-3.6/dictionary
<Client xxx.xxx.xxx.xxx> Secret xxx NasType Cisco SNMPCommunity xxx StatusServerShowClientDetails </Client>
# authby clause for ACCOUNTING <AuthBy SQL> DBSource dbi:mysql:db:localhost DBUsername dbuser DBAuth dbpass
Identifier VoipSQLAcctOnly
AuthSelect
AccountingTable voip_accounting AccountingStopsOnly
AcctColumnDef nasipaddress,NAS-IP-Address AcctColumnDef cisco_nas_port,Cisco-NAS-Port AcctColumnDef card_number,User-Name
</AuthBy>
# authby clause for credit_time <AuthBy SQL> DBSource dbi:mysql:db:localhost DBUsername dbuser DBAuth dbpass
Identifier CreditTime
AuthSelect select pin,concat('h323-credit-amount=',creditamount),'h323-return- code=0','h323-preferred-lang=en','h323-billing-model=1' from cards where cardnumber='%n' and status='Active' and pin is not null
AuthColumnDef 0, Password, check AuthColumnDef 2, cisco-h323-return-code, reply
AccountingTable
DefaultSimultaneousUse 1 RejectEmptyPassword
</AuthBy>
# authby clause for first second authorizarion <AuthBy SQL> DBSource dbi:mysql:db:localhost DBUsername dbuser DBAuth dbpass
Identifier CreditAmount
AuthSelect select pin,concat('h323-credit-amount=',creditamount),'h323-return- code=0','h323-preferred-lang=en','h323-billing-model=1' from cards where cardnumber='%n' and status='Active' and pin is not null
AuthColumnDef 0, Password, check AuthColumnDef 1, cisco-h323-credit-amount, reply AuthColumnDef 2, cisco-h323-return-code, reply AuthColumnDef 3, cisco-h323-preferred-lang, reply AuthColumnDef 4, cisco-h323-billing-model, reply
AccountingTable
DefaultSimultaneousUse 1 RejectEmptyPassword
</AuthBy>
# authby clause for transfer balance <AuthBy SQL> DBSource dbi:mysql:db:localhost DBUsername dbuser DBAuth dbpass
Identifier SqlTransferBal
AuthSelect select concat('h323-credit-amount=',creditamount),'h323-return-code=0' from cards where locate(cardnumber,'%n')=1 and creditamount >= trim(substring('%{cisco-h323-credit-amount}',locate('=','%{cisco-h323- credit-amount}')+1)) and status='Active'
AuthColumnDef 0, cisco-h323-credit-amount, reply AuthColumnDef 1, cisco-h323-return-code, reply
AccountingTable
DefaultSimultaneousUse 1 RejectEmptyPassword
</AuthBy>
<Handler Request-Type = Accounting-Request, User-Name = /^([0-9])+$/>
PreAuthHook file:"/usr/home/tsgan/Radiator-3.6/hooks/CalculateCreditAmountUsed"
AuthBy VoipSQLAcctOnly
</Handler>
<Handler User-Name = /^([0-9])+%([0-9])+$/>
RejectHasReason
AccountingHandled
AuthBy SqlTransferBal
PostAuthHook file:"/usr/home/tsgan/Radiator-3.6/hooks/TransferBalance"
</Handler>
<Handler Called-Station-Id = /^([0-9])+$/>
RejectHasReason
AccountingHandled
AuthBy CreditTime
PostAuthHook file:"/usr/home/tsgan/Radiator-3.6/hooks/CalculateCreditTime"
</Handler>
<Handler>
PreAuthHook file:"/usr/home/tsgan/Radiator-3.6/hooks/ChangePin"
RejectHasReason
AccountingHandled
SessionDatabase SQL1
AuthBy CreditAmount
PostAuthHook file:"/usr/home/tsgan/Radiator-3.6/hooks/CheckPrepaidVoip"
</Handler>
<SessionDatabase SQL> DBSource dbi:mysql:db:localhost DBUsername dbuser DBAuth dbpass
Identifier SQL1 AddQuery DeleteQuery ClearNasQuery delete from voip_online where NASIDENTIFIER='%N' CountQuery </SessionDatabase>
At 06:03 PM 8/19/2003 +1000, you wrote:
Hello Ganbold -
You can always use the AuthBy EXTERNAL clause to call an external program in whatever language you prefer.
What do you mean by "compile or decrypt the hook codes"?
Note that the hooks in Radiator *are* compiled at run time, as is the rest of Radiator.
regards
Hugh
On Tuesday, Aug 19, 2003, at 16:00 Australia/Melbourne, Ganbold wrote:
Hi,
Is it possible to write various hooks in language other than perl (for example in C)?
Or is there anyway to compile or decrypt the hook codes?
tia,
Ganbold Micom Co., Ltd
=== Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening?
-- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.
NB: have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening?
-- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.
=== Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
