(RADIATOR) Changing User-Name in hook
Hi-

We're trying to use Radiator to authenticate dialup users using the Calling-Station-Id instead of the User-Name. All of the users dial in using the same name and password so I want to use a hook to put the value of the Calling-Station-Id attribute into the User-Name attribute. It seems easy enough and the simple hook I wrote thinks that it is working but the user is still being logged in the session database and authenticated using the original User-Name value. Is there something I'm missing or is this just not possible for some reason?

Config file snippet:

PreClientHook sub {\
    my $p = ${$_[0]};\
    my $dnis=$p->get_attr('Called-Station-Id');\
    $dnis =~ s/\D//g;\
    $p->change_attr('Called-Station-Id',$dnis);\
    main::log($main::LOG_DEBUG,"Dnis:$dnis, ");\
    if ($dnis eq "777") {\
        my $p = ${$_[0]};\
        my $min=$p->get_attr('Calling-Station-Id');\
        my $olduser=$p->get_attr('User-Name');\
        $p->change_attr('User-Name',$min);\
        my $newuser=$p->get_attr('User-Name');\
        main::log($main::LOG_DEBUG,"Min:$min, OldUser:$olduser NewUser:$newuser\n");\
    }\
}

Trace 4 Debug:

*** Received from 10.1.10.6 port 1818
Code:       Access-Request
Identifier: 184
Authentic:  1234567890123456
Attributes:
    User-Name = "qnc"
    Service-Type = Framed-User
    NAS-IP-Address = 203.63.154.1
    NAS-Port = 1234
    Called-Station-Id = "#777"
    Calling-Station-Id = "987654321"
    NAS-Port-Type = Async
    User-Password = "136229173175\424618889160216}x153"

Fri Feb 22 13:15:25 2002: DEBUG: Dnis:777,
Fri Feb 22 13:15:25 2002: DEBUG: Min:987654321, OldUser:qnc NewUser:987654321
Fri Feb 22 13:15:25 2002: DEBUG: Check if Handler Called-Station-Id=777 should be used to handle this request
Fri Feb 22 13:15:25 2002: DEBUG: Handling request with Handler 'Called-Station-Id=777'
Fri Feb 22 13:15:25 2002: DEBUG: SDB1 Deleting session for qnc, 203.63.154.1, 1234
Fri Feb 22 13:15:25 2002: DEBUG: Handling with AuthINTERNAL:
Fri Feb 22 13:15:25 2002: DEBUG: Access accepted for qnc
Fri Feb 22 13:15:25 2002: DEBUG: Packet dump:
*** Sending to 10.1.10.6 port 1818
Code:       Access-Accept
Identifier: 184
Authentic:  1234567890123456
Attributes:

Frank Danielson
[Infrastructure Architect]
wireless: 407.467.7832
wireline: 407.515.8633
Data On Air
301 E. Pine St. Suite 450
Orlando, Fl 32801
http://www.dataonair.com
Re: (RADIATOR) SNMP agent, CHAP and Radiator
Hello Tunde -

On Fri, 22 Feb 2002 21:35, Tunde Itayemi wrote:
> Hi All,
> Please I have some questions.
>
> 1. I haven't been able to configure the SNMP agent section of the radius.cfg file.
> the default is:
> SNMP
> <SNMPAgent>
> rocommunity RadiatorCommunity
> Port162
> </SNMPAgent>
>
> I have a RedHat 7.2 system (server installation). I have taken a look at the snmp configuration file (/etc/snmp/snmpd.conf) but can't make head or tail of what modifications to make. If I start radiator with the default config, it complains of the community entry in the radius.cfg file.

Have you installed the SNMP_session module? Section 6.14 in the Radiator 2.19 reference manual (doc/ref.html).

> 2. Radiator/CHAP/PAP and NASes
> I work for an ISP and we are trying to migrate away from Windows 2000 server as our authentication platform. For now, I have radiator installed on a RedHat 7.2 system configured to authenticate against a remote Oracle database. My problem is as below. The database contains plaintext user passwords. If my users configure their dialups to use CHAP, would I still be able to authenticate them correctly? Currently, the Windows 2000 server is properly configured - under the security tab, when you select RAS properties, I have selected PAP alone as the authentication method.
>
> a. Now, assume the dialup & VPN connections on my client machines are set up with CHAP/MSCHAP, do I need to make any changes?

No - as long as you have cleartext passwords in your database, PAP, CHAP, MS-CHAP are all handled automatically.

> b. The RAS-Properties-Security-Authentication method-PAP/EAP/CHAP etc setting - does it imply the exchange of password data between Win2K and Radiator OR user and Win2K OR ALL three?

I am not sure what you are referring to here.

> My desired objective is to allow my dialup clients to configure their systems to use CHAP, while I keep my Oracle database with user passwords as plain text.

As long as the passwords in the database are plain text, you can use whatever authentication method you like.

regards

Hugh

--
Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
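Why a cleartext password store lets the server answer CHAP as well as PAP, as an added example that is not part of the original thread and is not Radiator's code: a CHAP response is MD5 over the identifier, the password and the challenge (RFC 1994), so the verifier has to recompute it from the plaintext. The password, salt, identifier and challenge below are constructed sample values, and the function names are hypothetical.

```python
import hashlib
import hmac

def chap_response(ident: int, password: bytes, challenge: bytes) -> bytes:
    """RFC 1994: Response = MD5(Identifier || secret || Challenge)."""
    return hashlib.md5(bytes([ident]) + password + challenge).digest()

def verify_chap(chap_password_attr: bytes, challenge: bytes, stored_secret: bytes) -> bool:
    """Check a RADIUS CHAP-Password attribute (RFC 2865): 1-byte CHAP identifier
    followed by the 16-byte response. The challenge comes from CHAP-Challenge,
    or from the Request Authenticator when that attribute is absent."""
    if len(chap_password_attr) != 17:
        return False
    ident, response = chap_password_attr[0], chap_password_attr[1:]
    expected = chap_response(ident, stored_secret, challenge)
    return hmac.compare_digest(expected, response)

def verify_pap_against_hash(submitted: bytes, salt: bytes, stored_hash: bytes) -> bool:
    """PAP delivers the password itself, so a salted hash in the database suffices."""
    return hmac.compare_digest(hashlib.sha256(salt + submitted).digest(), stored_hash)

def demo() -> dict:
    password = b"s3cret-sample"        # constructed sample password
    challenge = bytes(range(16))       # constructed; a NAS sends random bytes
    ident = 0x2A                       # constructed CHAP identifier
    attr = bytes([ident]) + chap_response(ident, password, challenge)
    salt = b"constructed-salt"
    stored_hash = hashlib.sha256(salt + password).digest()
    return {
        # Database holds the plaintext: CHAP can be verified.
        "chap_with_plaintext": verify_chap(attr, challenge, password),
        # Database holds only a hash: the MD5 input cannot be rebuilt.
        "chap_with_hash_only": verify_chap(attr, challenge, stored_hash),
        # The same hash-only database still works for PAP.
        "pap_with_hash_only": verify_pap_against_hash(password, salt, stored_hash),
        "chap_wrong_password": verify_chap(attr, challenge, b"guess"),
    }

if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```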
RE: (RADIATOR) Changing User-Name in hook
We're authenticating and accounting for calls made by cellular phones to a 3Com NAS. The phones are preprogrammed to all dial a certain number (#777) and all use the same user name and password. I had originally planned to authenticate from the Calling-Station-Id but the problem I ran into was that other functions such as the session database and session limit checking use the User-Name attribute. We will be having some other users dialing in with unique names and passwords that will be authenticated normally so it seemed to make much more sense to do the User-Name translation in the beginning than worry about all of the other places where I may need to decide whether to use the User-Name or Calling-Station-Id.

After a little bit of poking around I found that Radiator stores the original user name so even if you change the User-Name attribute in a hook, the original user name is used for later authentication and session-limit checking. Modifying the OriginalUserName attribute fixed my problem although I'm sure there was a reason for keeping the original copy of it that I may not be aware of.

= Original Message From [EMAIL PROTECTED] =

Hello Frank -

You would usually just use the Calling-Station-Id attribute directly, and provide an AuthSelect statement in the AuthBy SQL clause (assuming you are using an SQL database). Perhaps you could describe your requirements in more detail?

regards

Hugh

On Sat, 23 Feb 2002 05:30, Frank Danielson wrote:
> Hi-
>
> We're trying to use Radiator to authenticate dialup users using the Calling-Station-Id instead of the User-Name. All of the users dial in using the same name and password so I want to use a hook to put the value of the Calling-Station-Id attribute into the User-Name attribute. It seems easy enough and the simple hook I wrote thinks that it is working but the user is still being logged in the session database and authenticated using the original User-Name value. Is there something I'm missing or is this just not possible for some reason?
>
> Config file snippet:
>
> PreClientHook sub {\
>     my $p = ${$_[0]};\
>     my $dnis=$p->get_attr('Called-Station-Id');\
>     $dnis =~ s/\D//g;\
>     $p->change_attr('Called-Station-Id',$dnis);\
>     main::log($main::LOG_DEBUG,"Dnis:$dnis, ");\
>     if ($dnis eq "777") {\
>         my $p = ${$_[0]};\
>         my $min=$p->get_attr('Calling-Station-Id');\
>         my $olduser=$p->get_attr('User-Name');\
>         $p->change_attr('User-Name',$min);\
>         my $newuser=$p->get_attr('User-Name');\
>         main::log($main::LOG_DEBUG,"Min:$min, OldUser:$olduser NewUser:$newuser\n");\
>     }\
> }
>
> Trace 4 Debug:
>
> *** Received from 10.1.10.6 port 1818
> Code:       Access-Request
> Identifier: 184
> Authentic:  1234567890123456
> Attributes:
>     User-Name = "qnc"
>     Service-Type = Framed-User
>     NAS-IP-Address = 203.63.154.1
>     NAS-Port = 1234
>     Called-Station-Id = "#777"
>     Calling-Station-Id = "987654321"
>     NAS-Port-Type = Async
>     User-Password = "136229173175\424618889160216}x153"
>
> Fri Feb 22 13:15:25 2002: DEBUG: Dnis:777,
> Fri Feb 22 13:15:25 2002: DEBUG: Min:987654321, OldUser:qnc NewUser:987654321
> Fri Feb 22 13:15:25 2002: DEBUG: Check if Handler Called-Station-Id=777 should be used to handle this request
> Fri Feb 22 13:15:25 2002: DEBUG: Handling request with Handler 'Called-Station-Id=777'
> Fri Feb 22 13:15:25 2002: DEBUG: SDB1 Deleting session for qnc, 203.63.154.1, 1234
> Fri Feb 22 13:15:25 2002: DEBUG: Handling with AuthINTERNAL:
> Fri Feb 22 13:15:25 2002: DEBUG: Access accepted for qnc
> Fri Feb 22 13:15:25 2002: DEBUG: Packet dump:
> *** Sending to 10.1.10.6 port 1818
> Code:       Access-Accept
> Identifier: 184
> Authentic:  1234567890123456
> Attributes:
>
> Frank Danielson
> [Infrastructure Architect]
> wireless: 407.467.7832
> wireline: 407.515.8633
> Data On Air
> 301 E. Pine St. Suite 450
> Orlando, Fl 32801
> http://www.dataonair.com
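A check for the symptom in the trace quoted above, as an added example that is not part of the thread and is not Radiator code: it reads Trace 4 debug lines and reports every session-database or "Access accepted" line that still carries a name other than the one the hook logged as NewUser. The regular expressions match only the line shapes quoted in this thread, the sample lines are copied from Frank's trace, and the function name is hypothetical.

```python
import re

# Timestamp prefix as it appears in the quoted trace, e.g. "Fri Feb 22 13:15:25 2002: DEBUG: "
TS = r"^\w{3} \w{3} +\d+ [\d:]+ \d{4}: DEBUG: "
HOOK = re.compile(TS + r"Min:(\S+), OldUser:(\S+) NewUser:(\S+)")
SDB = re.compile(TS + r"\S+ Deleting session for ([^,]+),")
ACCEPT = re.compile(TS + r"Access accepted for (\S+)")

def find_identity_mismatches(lines):
    """Return (line_no, kind, name_used, name_expected) for each line that uses
    a different user name than the hook's NewUser. Assumes the lines of one
    request are contiguous, as they are in the quoted trace."""
    findings = []
    new_user = None  # NewUser from the most recent hook log line
    for n, line in enumerate(lines, 1):
        m = HOOK.match(line)
        if m:
            new_user = m.group(3)
            continue
        if new_user is None:
            continue  # no rewrite logged for this request
        for kind, rx in (("session-db", SDB), ("accept", ACCEPT)):
            m = rx.match(line)
            if m and m.group(1) != new_user:
                findings.append((n, kind, m.group(1), new_user))
        if ACCEPT.match(line):
            new_user = None  # request finished
    return findings

# Sample input: debug lines copied from the trace in this thread.
SAMPLE = [
    "Fri Feb 22 13:15:25 2002: DEBUG: Dnis:777,",
    "Fri Feb 22 13:15:25 2002: DEBUG: Min:987654321, OldUser:qnc NewUser:987654321",
    "Fri Feb 22 13:15:25 2002: DEBUG: Handling request with Handler 'Called-Station-Id=777'",
    "Fri Feb 22 13:15:25 2002: DEBUG: SDB1 Deleting session for qnc, 203.63.154.1, 1234",
    "Fri Feb 22 13:15:25 2002: DEBUG: Handling with AuthINTERNAL:",
    "Fri Feb 22 13:15:25 2002: DEBUG: Access accepted for qnc",
]

if __name__ == "__main__":
    for finding in find_identity_mismatches(SAMPLE):
        print("line %d: %s used %r, hook set %r" % finding)
```

Both findings on the sample mean the session database and the accept decision were keyed on the shared name, so session limits applied to `qnc` rather than to the individual caller.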