(RADIATOR) Changing User-Name in hook

2002-02-22 Thread Frank Danielson



Hi-

We're trying to use Radiator to authenticate dialup users using the
Calling-Station-Id instead of the User-Name. All of the users dial in using
the same name and password so I want to use a hook to put the value of the
Calling-Station-Id attribute into the User-Name attribute. It seems easy
enough and the simple hook I wrote thinks that it is working but the user
is still being logged in the session database and authenticated using the
original User-Name value. Is there something I'm missing or is this just
not possible for some reason?

Config file snippet:

PreClientHook sub {\
 my $p = ${$_[0]};\
 my $dnis=$p->get_attr('Called-Station-Id');\
 $dnis =~ s/\D//g;\
 $p->change_attr('Called-Station-Id',$dnis);\
 main::log($main::LOG_DEBUG,"Dnis:$dnis, ");\
 if ($dnis eq "777") {\
  my $p = ${$_[0]};\
  my $min=$p->get_attr('Calling-Station-Id');\
  my $olduser=$p->get_attr('User-Name');\
  $p->change_attr('User-Name',$min);\
  my $newuser=$p->get_attr('User-Name');\
  main::log($main::LOG_DEBUG,"Min:$min, OldUser:$olduser NewUser:$newuser\n");\
 }\
}

Trace 4 Debug:

*** Received from 10.1.10.6 port 1818 
Code:       Access-Request
Identifier: 184
Authentic:  1234567890123456
Attributes:
 User-Name = "qnc"
 Service-Type = Framed-User
 NAS-IP-Address = 203.63.154.1
 NAS-Port = 1234
 Called-Station-Id = "#777"
 Calling-Station-Id = "987654321"
 NAS-Port-Type = Async
 User-Password = "136229173175\424618889160216}x153"

Fri Feb 22 13:15:25 2002: DEBUG: Dnis:777,
Fri Feb 22 13:15:25 2002: DEBUG: Min:987654321, OldUser:qnc NewUser:987654321

Fri Feb 22 13:15:25 2002: DEBUG: Check if Handler Called-Station-Id=777 should be used to handle this request
Fri Feb 22 13:15:25 2002: DEBUG: Handling request with Handler 'Called-Station-Id=777'
Fri Feb 22 13:15:25 2002: DEBUG: SDB1 Deleting session for qnc, 203.63.154.1, 1234
Fri Feb 22 13:15:25 2002: DEBUG: Handling with AuthINTERNAL:
Fri Feb 22 13:15:25 2002: DEBUG: Access accepted for qnc
Fri Feb 22 13:15:25 2002: DEBUG: Packet dump:
*** Sending to 10.1.10.6 port 1818 
Code:       Access-Accept
Identifier: 184
Authentic:  1234567890123456
Attributes:



Frank Danielson
[Infrastructure Architect]

wireless: 407.467.7832
wireline: 407.515.8633

Data On Air
301 E. Pine St. Suite 450
Orlando, Fl 32801
http://www.dataonair.com



Re: (RADIATOR) SNMP agent, CHAP and Radiator

2002-02-22 Thread Hugh Irvine


Hello Tunde -

On Fri, 22 Feb 2002 21:35, Tunde Itayemi wrote:
> Hi All,
> Please I have some questions.
> 1. I haven't been able to configure the SNMP agent section of the
> radius.cfg file. the default is:
> SNMP
> <SNMPAgent>
>     rocommunity RadiatorCommunity
>     Port 162
> </SNMPAgent>
> I have a RedHat 7.2 system (server installation).
> I have taken a look at the snmp configuration file (/etc/snmp/snmpd.conf)
> but can't make head or tail of what modifications to make. If I start
> radiator with the default config, it complains of the community entry in
> the radius.cfg file.

Have you installed the SNMP_session module? Section 6.14 in the Radiator 2.19 
reference manual (doc/ref.html).

> 2. Radiator/CHAP/PAP and NASes
> I work for an ISP and we are trying to migrate away from Windows 2000
> server as our authentication platform. For now, I have radiator installed on
> a RedHat 7.2 system configured to authenticate against a remote Oracle
> database. My problem is as below. The database contains plaintext user
> passwords. If my users configure their dialups to use CHAP, would I still
> be able to authenticate them correctly? Currently, the Windows 2000 server
> is properly configured - under the security tab, when you select RAS
> properties, I have selected PAP alone as the authentication method. a. Now,
> assume the dialup & VPN connections on my client machines are set up with
> CHAP/MSCHAP, do I need to make any changes?

No - as long as you have cleartext passwords in your database, PAP, 
CHAP, MS-CHAP are all handled automatically.

> b. The RAS->Properties->Security->Authentication method->PAP/EAP/CHAP
> etc setting - does it imply the exchange of password data between Win2K and
> Radiator OR user and Win2K OR ALL three?

I am not sure what you are referring to here.

> My desired objective is to allow my dialup clients to configure their
> systems to use CHAP, while I keep my Oracle database with user passwords as
> plain text.

As long as the passwords in the database are plain text, you can use whatever 
authentication method you like.

regards

Hugh


-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
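
Why the answers above turn on cleartext passwords, as an added example that is not part of the original messages or of Radiator's code: a CHAP client sends only MD5(id, password, challenge) (RFC 1994), so the server has to recompute that value from the stored cleartext, while PAP hands over the password itself. The password, challenge and function names below are constructed for illustration.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::MD5 qw(md5 md5_hex);

# RFC 1994: response = MD5(CHAP id . secret . challenge).
sub chap_response {
    my ($id, $secret, $challenge) = @_;
    return md5(pack('C', $id) . $secret . $challenge);
}

# RADIUS CHAP-Password (RFC 2865) = 1 octet CHAP id + 16 octet response.
# The server can only rebuild the response from the cleartext password.
sub check_chap {
    my ($chap_password, $challenge, $stored_value) = @_;
    return 0 unless length($chap_password) == 17;
    my $id       = unpack('C', substr($chap_password, 0, 1));
    my $response = substr($chap_password, 1);
    return $response eq chap_response($id, $stored_value, $challenge) ? 1 : 0;
}

# PAP delivers the password itself (once RADIUS has unhidden it), so the
# server may compare it with cleartext or hash it to match a hashed column.
sub check_pap_hashed {
    my ($pap_password, $stored_md5_hex) = @_;
    return md5_hex($pap_password) eq $stored_md5_hex ? 1 : 0;
}

# Constructed sample values, not taken from the thread.
my $password  = 'fred-secret';
my $challenge = pack('H*', '00112233445566778899aabbccddeeff');
my $id        = 184;
my $from_nas  = pack('C', $id) . chap_response($id, $password, $challenge);

# Cleartext column: the CHAP response can be recomputed and matched.
printf "CHAP vs cleartext column: %d\n",
    check_chap($from_nas, $challenge, $password);
# Column holding only md5_hex(password): the response cannot be rebuilt.
printf "CHAP vs hashed column:    %d\n",
    check_chap($from_nas, $challenge, md5_hex($password));
# PAP still works against the hashed column.
printf "PAP  vs hashed column:    %d\n",
    check_pap_hashed($password, md5_hex($password));
```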



RE: (RADIATOR) Changing User-Name in hook

2002-02-22 Thread Frank Danielson

We're authenticating and accounting for calls made by cellular phones to a 
3Com NAS. The phones are preprogrammed to all dial a certain number (#777) and 
all use the same user name and password. I had originally planned to 
authenticate from the Calling-Station-Id but the problem I ran into was that 
other functions such as the session database and session limit checking use the 
User-Name attribute. We will be having some other users dialing in with unique 
names and passwords that will be authenticated normally so it seemed to make 
much more sense to do the User-Name translation in the beginning than worry 
about all of the other places where I may need to decide whether to use the 
User-Name or Calling-Station-Id.

After a little bit of poking around I found that Radiator stores the original 
user name so even if you change the User-Name attribute in a hook, the 
original user name is used for later authentication and session-limit 
checking. Modifying the OriginalUserName attribute fixed my problem although 
I'm sure there was a reason for keeping the original copy of it that I may not 
be aware of.

= Original Message From [EMAIL PROTECTED] =
Hello Frank -

You would usually just use the Calling-Station-Id attribute directly, and
provide an AuthSelect statement in the AuthBy SQL clause (assuming you are
using an SQL database).

Perhaps you could describe your requirements in more detail?

regards

Hugh


On Sat, 23 Feb 2002 05:30, Frank Danielson wrote:
> Hi-
>
> We're trying to use Radiator to authenticate dialup users using the
> Calling-Station-Id instead of the User-Name. All of the users dial in using
> the same name and password so I want to use a hook to put the value of the
> Calling-Station-Id attribute into the User-Name attribute. It seems easy
> enough and the simple hook I wrote thinks that it is working but the user
> is still being logged in the session database and authenticated using the
> original User-Name value. Is there something I'm missing or is this just
> not possible for some reason?
>
> Config file snippet:
>
> PreClientHook sub {\
>  my $p = ${$_[0]};\
>  my $dnis=$p->get_attr('Called-Station-Id');\
>  $dnis =~ s/\D//g;\
>  $p->change_attr('Called-Station-Id',$dnis);\
>  main::log($main::LOG_DEBUG,"Dnis:$dnis, ");\
>  if ($dnis eq "777") {\
>   my $p = ${$_[0]};\
>   my $min=$p->get_attr('Calling-Station-Id');\
>   my $olduser=$p->get_attr('User-Name');\
>   $p->change_attr('User-Name',$min);\
>   my $newuser=$p->get_attr('User-Name');\
>   main::log($main::LOG_DEBUG,"Min:$min, OldUser:$olduser NewUser:$newuser\n");\
>  }\
> }
>
> Trace 4 Debug:
>
> *** Received from 10.1.10.6 port 1818 
> Code:       Access-Request
> Identifier: 184
> Authentic:  1234567890123456
> Attributes:
>  User-Name = "qnc"
>  Service-Type = Framed-User
>  NAS-IP-Address = 203.63.154.1
>  NAS-Port = 1234
>  Called-Station-Id = "#777"
>  Calling-Station-Id = "987654321"
>  NAS-Port-Type = Async
>  User-Password = "136229173175\424618889160216}x153"
>
> Fri Feb 22 13:15:25 2002: DEBUG: Dnis:777,
> Fri Feb 22 13:15:25 2002: DEBUG: Min:987654321, OldUser:qnc NewUser:987654321
>
> Fri Feb 22 13:15:25 2002: DEBUG: Check if Handler Called-Station-Id=777
> should be used to handle this request
> Fri Feb 22 13:15:25 2002: DEBUG: Handling request with Handler
> 'Called-Station-Id=777'
> Fri Feb 22 13:15:25 2002: DEBUG: SDB1 Deleting session for qnc,
> 203.63.154.1, 1234
> Fri Feb 22 13:15:25 2002: DEBUG: Handling with AuthINTERNAL:
> Fri Feb 22 13:15:25 2002: DEBUG: Access accepted for qnc
> Fri Feb 22 13:15:25 2002: DEBUG: Packet dump:
> *** Sending to 10.1.10.6 port 1818 
> Code:       Access-Accept
> Identifier: 184
> Authentic:  1234567890123456
> Attributes:
>
> Frank Danielson
> [Infrastructure Architect]
>
> wireless: 407.467.7832
> wireline: 407.515.8633
>
> Data On Air
> 301 E. Pine St. Suite 450
> Orlando, Fl 32801
> http://www.dataonair.com

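
One way to write the hook with the fix described in the message above, as an added example that is not code from the original posts or from Radiator. The FakeRequest class is a constructed stand-in so the script runs without Radiator, and reaching the stored name as $p->{OriginalUserName} is an assumption based on the name given in the message.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Stand-in for Radiator's request object (constructed for this example).
# It models only what the thread describes: get_attr/change_attr plus a
# separately stored OriginalUserName (hash-key access is an assumption).
package FakeRequest;
sub new {
    my ($class, %attrs) = @_;
    return bless { attrs => {%attrs},
                   OriginalUserName => $attrs{'User-Name'} }, $class;
}
sub get_attr    { $_[0]{attrs}{ $_[1] } }
sub change_attr { $_[0]{attrs}{ $_[1] } = $_[2] }

package main;

# Hook body: same logic as the posted PreClientHook, with the stored copy
# updated as well and a guard against a missing Calling-Station-Id.
my $hook = sub {
    my $p    = ${ $_[0] };
    my $dnis = $p->get_attr('Called-Station-Id');
    $dnis = '' unless defined $dnis;
    $dnis =~ s/\D//g;
    $p->change_attr('Called-Station-Id', $dnis);
    return unless $dnis eq '777';

    my $min = $p->get_attr('Calling-Station-Id');
    # Keep the shared name rather than substituting an empty user name.
    return unless defined $min && length $min;

    $p->change_attr('User-Name', $min);
    # The copy that later session and limit checks read, per the thread.
    $p->{OriginalUserName} = $min;
    return;
};

# Request built from the attribute values shown in the trace above.
my $req = FakeRequest->new(
    'User-Name'          => 'qnc',
    'Called-Station-Id'  => '#777',
    'Calling-Station-Id' => '987654321',
);
$hook->(\$req);
printf "User-Name=%s OriginalUserName=%s\n",
    $req->get_attr('User-Name'), $req->{OriginalUserName};
```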