We're authenticating and accounting for calls made by cellular phones to a
3Com NAS. The phones are preprogrammed to all dial a certain number (#777) and
all use the same user name and password. I had originally planned to
authenticate from the Calling-Station-Id but the problem I ran into was that
other funtions such as the session database and session limit checking use the
User-Name attribute. We will be having some other users dialing in with unique
names and passwords that will be authenticated normally so it seemd to make
much more sense to do the User-Name translation in the beginning than worry
about all of the other places where I may need to decide whether to use the
User-Name or Calling-Station-Id.
After a little bit of poking around I found that Radiator stores the original
user name so even if you change the User-Name attribute in a hook, the
original user name is used for later authentication and session-limit
checking. Modifiying the OriginalUserName attribute fixed my problem although
I'm sure there was a reason for keeping the original copy of it that I may not
be aware of.
= Original Message From [EMAIL PROTECTED] =
Hello Frank -
You would usually just use the Calling-Station-Id attribute directly, and
provide an AuthSelect statement in the AuthBy SQL clause (assuming you are
using an SQL database).
Perhaps you could describe you requirements in more detail?
regards
Hugh
On Sat, 23 Feb 2002 05:30, Frank Danielson wrote:
Hi-
We're trying to use Radiator to authenticate dialup users using the
Calling-Station-Id instead of the User-Name. All of the users dial in using
the same name and password so I want to use a hook to put the value of the
Calling-Station-Id attribute into the User-Name attribute. It seems easy
enough and the simple hook I wrote thinks that it is working but the user
is still being logged in the session database and authenticated using the
original User-Name value. Is there something I'm missing or is this just
not possible for some reason?
Config file snippet:
PreClientHook sub {\
my $p = ${$_[0]};\
my $dnis=$p-get_attr('Called-Station-Id');\
$dnis =~ s/\D//g;\
$p-change_attr('Called-Station-Id',$dnis);\
main::log($main::LOG_DEBUG,Dnis:$dnis, );\
if ($dnis eq 777) {\
my $p = ${$_[0]};\
my $min=$p-get_attr('Calling-Station-Id');\
my $olduser=$p-get_attr('User-Name');\
$p-change_attr('User-Name',$min);\
my $newuser=$p-get_attr('User-Name');\
main::log($main::LOG_DEBUG,Min:$min, OldUser:$olduser
NewUser:$newuser\n);\
}\
}
Trace 4 Debug:
*** Received from 10.1.10.6 port 1818
Code: Access-Request
Identifier: 184
Authentic: 1234567890123456
Attributes:
User-Name = qnc
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Port = 1234
Called-Station-Id = #777
Calling-Station-Id = 987654321
NAS-Port-Type = Async
User-Password =
136229173175\424618889160216}x153
Fri Feb 22 13:15:25 2002: DEBUG: Dnis:777,
Fri Feb 22 13:15:25 2002: DEBUG: Min:987654321, OldUser:qnc
NewUser:987654321
Fri Feb 22 13:15:25 2002: DEBUG: Check if Handler Called-Station-Id=777
should be used to handle this request
Fri Feb 22 13:15:25 2002: DEBUG: Handling request with Handler
'Called-Station-Id=777'
Fri Feb 22 13:15:25 2002: DEBUG: SDB1 Deleting session for qnc,
203.63.154.1, 1234
Fri Feb 22 13:15:25 2002: DEBUG: Handling with AuthINTERNAL:
Fri Feb 22 13:15:25 2002: DEBUG: Access accepted for qnc
Fri Feb 22 13:15:25 2002: DEBUG: Packet dump:
*** Sending to 10.1.10.6 port 1818
Code: Access-Accept
Identifier: 184
Authentic: 1234567890123456
Attributes:
Frank Danielson
[Infrastructure Architect]
wireless: 407.467.7832
wireline: 407.515.8633
Data On Air
301 E. Pine St. Suite 450
Orlando, Fl 32801
http://www.dataonair.com http://www.dataonair.com/
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.