Thanks Heikki, Appreciate the assist, now that it's differentiated I can make it more user friendly with a stored proc or job.
;) On Tue, Jan 7, 2014 at 2:52 PM, Heikki Vatiainen <[email protected]> wrote: > On 01/07/2014 11:17 AM, ronald higgins wrote: > > Hi All, > > > I've got a AuthSelect that checks if an account is active on our CMDB > > but when the check fails (inactive user result) what get's logged to > > RADAUTHLOG is "no such user" which is a little misleading for the > > support staff. > > > > Is there a way to write something more descriptive for this check to > > RADAUTHLOG such as "account inactive" ? Perhaps a different AuthLog > > called from this AuthBy? > > I'd change the AuthSelect so that it only does a lookup based on the > username, or subscriber_id in your case. Now it also does authorization > (enabled='1'). Something like this: > > <Hander ...> > AddToRequest X-Enabled=1 > <AuthBy SQL> > ... > AuthSelect select status from subscribers where subscriber_id='%n' > > AuthColumnDef 0, X-Enabled, check > </AuthBy> > </Handler> > > If there is no subscriber, you will get 'No such user' which is correct. > If the account is not enabled, you will get a complaint about X-Enabled > not matching the expected value. In other words, the lookup is just for > fetching the information (if any) and the AuthColumnDef(s) do the > authorization checks. > > Thanks, > Heikki > > > Current AuthBy: > > > > <AuthBy SQL> > > > > Identifier Auth_Acct_Status > > > > NoDefault > > DBSource dbi:mysql:[dbname]:[hostname]:3306 > > DBUsername **** > > DBAuth **** > > > > FailureBackoffTime 10 > > > > AuthSelect select status from subscribers where > > subscriber_id='%n' and enabled='1'; > > > > </AuthBy> > > > -- > Heikki Vatiainen <[email protected]> > > Radiator: the most portable, flexible and configurable RADIUS server > anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, > Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, > TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, > DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, > NetWare etc. > _______________________________________________ > radiator mailing list > [email protected] > http://www.open.com.au/mailman/listinfo/radiator >
_______________________________________________ radiator mailing list [email protected] http://www.open.com.au/mailman/listinfo/radiator
