On 01/07/2014 11:17 AM, ronald higgins wrote:
> Hi All,
> I've got an AuthSelect that checks if an account is active on our CMDB
> but when the check fails (inactive user result) what gets logged to
> RADAUTHLOG is "no such user" which is a little misleading for the
> support staff.
>
> Is there a way to write something more descriptive for this check to
> RADAUTHLOG such as "account inactive" ? Perhaps a different AuthLog
> called from this AuthBy?

I'd change the AuthSelect so that it only does a lookup based on the
username, or subscriber_id in your case. Now it also does authorization
(enabled='1'). Something like this:

<Handler ...>
    AddToRequest X-Enabled=1
    <AuthBy SQL>
        ...
        AuthSelect select status from subscribers where subscriber_id='%n'
        AuthColumnDef 0, X-Enabled, check
    </AuthBy>
</Handler>

If there is no subscriber, you will get 'No such user' which is correct.
If the account is not enabled, you will get a complaint about X-Enabled
not matching the expected value. In other words, the lookup is just for
fetching the information (if any) and the AuthColumnDef(s) do the
authorization checks.

Thanks,
Heikki

> Current AuthBy:
>
> <AuthBy SQL>
>
> Identifier Auth_Acct_Status
>
> NoDefault
> DBSource dbi:mysql:[dbname]:[hostname]:3306
> DBUsername ****
> DBAuth ****
>
> FailureBackoffTime 10
>
> AuthSelect select status from subscribers where
> subscriber_id='%n' and enabled='1';
>
> </AuthBy>
--
Heikki Vatiainen <[email protected]>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
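
Added example, not part of the original thread and not Radiator code: a small Python/sqlite3 model of the two designs discussed above, showing why folding `enabled='1'` into the lookup makes a disabled account indistinguishable from a missing one in the auth log, while a lookup-only query followed by a separate check yields a distinct rejection reason. The table layout, the `enabled` column used for the check, the sample users and the reason strings are assumptions made for illustration.

```python
import sqlite3

# Constructed sample data: (subscriber_id, enabled). Not from the original post.
ROWS = [("alice", 1), ("bob", 0)]


def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE subscribers (subscriber_id TEXT PRIMARY KEY, enabled INTEGER)")
    db.executemany("INSERT INTO subscribers VALUES (?, ?)", ROWS)
    return db


def auth_combined(db, user):
    """Lookup and authorization in one WHERE clause (the original AuthSelect)."""
    row = db.execute(
        "SELECT enabled FROM subscribers WHERE subscriber_id = ? AND enabled = 1",
        (user,),
    ).fetchone()
    # A disabled account and a missing account both return zero rows,
    # so the same reason is logged for both.
    return ("ACCEPT", "") if row else ("REJECT", "no such user")


def auth_split(db, user, expected_enabled=1):
    """Lookup by identity only, then a separate check on the fetched column."""
    row = db.execute(
        "SELECT enabled FROM subscribers WHERE subscriber_id = ?", (user,)
    ).fetchone()
    if row is None:
        return ("REJECT", "no such user")
    if row[0] != expected_enabled:
        # Plays the role of the X-Enabled check item; reason text is illustrative.
        return ("REJECT", f"check item enabled expected {expected_enabled}, got {row[0]}")
    return ("ACCEPT", "")


def compare(users=("alice", "bob", "carol")):
    """Return {user: (combined_result, split_result)} for the sample users."""
    db = make_db()
    return {u: (auth_combined(db, u), auth_split(db, u)) for u in users}


if __name__ == "__main__":
    for user, (combined, split) in compare().items():
        print(f"{user:8} combined={combined} split={split}")
```

Here `bob` exists but is disabled and `carol` does not exist: the combined query logs the same reason for both, the split version does not.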