Re: (RADIATOR) PreHandlerHook (question)

2001-09-05 Thread Hugh Irvine


Hello Paul -


> I want to be able to use the PreHandlerHook to be able to compare a
> radius attribute Class
> and then change it to something else if matched. Can this be done?
>
> IE. If the incoming packet contains the attribute (Class - perm) then I
> want to be able
> to change this to Class - pstn
>
> This is required in order to stop permanent customers from dialing into
> our pstn AS pool.
>
> We have something similar for the other way around, but this just
> converts all Class's to perm
> and this method will not work the other way as not all Class's will be
> pstn only.
> I.E.
> PreHandlerHook sub { ${$_[0]}->add_attr('Class', 'perm'); }


This is very simple to do. 

Have a look at the example hooks in the file goodies/hooks.txt to see how 
it is done.

regards

Hugh


-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.
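
A conditional Class rewrite of the kind asked about above, as an added example that is not part of the original thread or of goodies/hooks.txt. The DemoRequest class and the sample requests are constructed so the hook can be run outside the server, and change_attr is assumed to be available on the request object alongside the get_attr and add_attr calls quoted in the thread.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Minimal stand-in for the request object a hook receives, so the hook can be
# exercised outside the server. Only get_attr and change_attr are modelled;
# this class is constructed for the example and is not Radiator code.
package DemoRequest;
sub new         { my ($class, %attrs) = @_; return bless { %attrs }, $class; }
sub get_attr    { my ($self, $name) = @_; return $self->{$name}; }
sub change_attr { my ($self, $name, $value) = @_; $self->{$name} = $value; return; }

package main;

# The hook body. As in the hooks quoted in this thread, the first argument is
# a reference to the request, hence the ${$_[0]} dereference.
my $class_hook = sub {
    my $p     = ${$_[0]};
    my $class = $p->get_attr('Class');

    # No Class attribute in the request: nothing to compare, leave it alone.
    return unless defined $class;

    # Exact match only, so a value that merely contains "perm" is not rewritten.
    $p->change_attr('Class', 'pstn') if $class eq 'perm';
    return;
};

# Constructed sample requests: one to rewrite, two that must stay untouched.
my @requests = (
    DemoRequest->new('User-Name' => 'alice', 'Class' => 'perm'),
    DemoRequest->new('User-Name' => 'bob',   'Class' => 'isdn'),
    DemoRequest->new('User-Name' => 'carol'),
);

for my $p (@requests) {
    my $before = $p->get_attr('Class');
    $class_hook->(\$p);
    my $after = $p->get_attr('Class');
    printf "%-6s Class: %s -> %s\n",
        $p->get_attr('User-Name'),
        defined $before ? $before : '(none)',
        defined $after  ? $after  : '(none)';
}
```

In a configuration file the same body goes after `PreHandlerHook sub {` with a backslash at the end of each continued line, as in the hooks quoted in this thread.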



RE: (RADIATOR) PreHandlerHook

2000-11-17 Thread Ingvar Berg (ERA)

I think the hook belongs to the Realm and Handler statements.
/Ingvar

-----Original Message-----
From: Lisa Goulet [mailto:[EMAIL PROTECTED]]
Sent: 17 November 2000 16:22
To: [EMAIL PROTECTED]
Subject: (RADIATOR) PreHandlerHook



Hi all,

I've implemented a PreHandlerHook for filtering out Calling-Station-Id. I
used the code in one of the postings. It doesn't seem to be doing the
filtering, there is no indication of the code being executed in the logfile.
There are no errors when the radiator starts up.

Here's the radmin.cfg file:

Foreground
LogDir  .
DbDir   .

Trace   4

# Secrets between clients
<Client DEFAULT>
    Secret

    PreHandlerHook sub { \
        my $calledid = ${$_[0]}->get_attr('Calling-Station-Id');\
        if (${calledid} =~ /207505640|207505641/) {\
            ${$_[0]}->add_attr('backbone','baduser'); return;\
        }\
    }
</Client>


# Database for clients
<ClientListSQL>
    DBSource    dbi:Pg:dbname=radmin;host=xxx.xxx.xxx.xxx
    DBUsername  radmin
    DBAuth      xx
</ClientListSQL>


# IP address allocation
<AddressAllocator SQL>
    Identifier  SQLAllocator

    DBSource    dbi:Pg:dbname=radmin;host=xxx.xxx.xxx.xxx
    DBUsername  radmin
    DBAuth      xx
    DefaultLeasePeriod  86400

    <AddressPool 207500370-213.35.248.144>
        Subnetmask  255.255.255.255
        DNSServer   62.58.62.133
        Range       213.35.224.1 213.35.224.100
    </AddressPool>

</AddressAllocator>

<AuthBy RADMIN>
    Identifier  CheckRADMIN
    # Change DBSource, DBUsername, DBAuth for your database
    # See the reference manual. You will also have to
    # change the one in SessionDatabase SQL below
    # so it's the same
    DBSource    dbi:Pg:dbname=radmin;host=xxx.xxx.xxx.xxx
    DBUsername  radmin
    DBAuth      xx

    # You can add to or change these if you want, but you
    # will probably want to change the database schema first
    AccountingTable RADUSAGE
    AcctColumnDef   USERNAME,User-Name
    AcctColumnDef   TIME_STAMP,Timestamp,integer
    AcctColumnDef   ACCTSTATUSTYPE,Acct-Status-Type,integer
    AcctColumnDef   ACCTDELAYTIME,Acct-Delay-Time,integer
    AcctColumnDef   ACCTINPUTOCTETS,Acct-Input-Octets,integer
    AcctColumnDef   ACCTOUTPUTOCTETS,Acct-Output-Octets,integer
    AcctColumnDef   ACCTSESSIONID,Acct-Session-Id
    AcctColumnDef   ACCTSESSIONTIME,Acct-Session-Time,integer
    AcctColumnDef   ACCTTERMINATECAUSE,Acct-Terminate-Cause,integer
    AcctColumnDef   FRAMEDIPADDRESS,Framed-IP-Address
    AcctColumnDef   NASIDENTIFIER,NAS-Identifier
    AcctColumnDef   NASIDENTIFIER,NAS-IP-Address
    AcctColumnDef   NASPORT,NAS-Port,integer
    AcctColumnDef   DNIS,Called-Station-Id

    # This updates the time and octets left
    # for this user
    AcctSQLStatement update RADUSERS set \
    TIMELEFT=TIMELEFT-0%{Acct-Session-Time}, \
    OCTETSINLEFT=OCTETSINLEFT-0%{Acct-Input-Octets}, \
    OCTETSOUTLEFT=OCTETSOUTLEFT-0%{Acct-Output-Octets} where \
    USERNAME='%n'

    # These are the classic things to add to each users
    # reply to allow a PPP dialup session. It may be
    # different for your NAS. This will add some
    # reply items to everyone's reply
    AddToReply Framed-Protocol = PPP,\
    Framed-IP-Netmask = 255.255.255.255,\
    Framed-Routing = None,\
    Service-Type = Framed-User,\
    Ascend-Client-Primary-DNS = 62.58.62.132,\
    Framed-MTU = 1500
</AuthBy>


<SessionDatabase SQL>
    # This database spec usually should be exactly the same
    # as in AuthBy RADMIN above
    DBSource    dbi:Pg:dbname=radmin;host=xxx.xxx.xxx.xxx
    DBUsername  radmin
    DBAuth      xx
</SessionDatabase>


# check based on DNIS
<Realm DEFAULT>
    # check each in the list
    AuthByPolicy ContinueWhileAccept

    # check port limits
    <AuthBy PORTLIMITCHECK>
        LimitQuery select maxports from portlimits \
        where DNIS='%{Called-Station-Id}'
        CountQuery select COUNT(*) from RADONLINE \
        where DNIS='%{Called-Station-Id}'
    </AuthBy>

    # allocate ip addresses
    <AuthBy DYNADDRESS>
        Allocator SQLAllocator
        PoolHint %{Called-Station-Id}-%{NAS-IP-Address}
    </AuthBy>

    # radmin does the rest (user, password etc)
    AuthBy CheckRADMIN
</Realm>




===
Archive at http://www.starport.net/~radiator/
Announcements on [EMAIL PROTECTED]
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.


Re: (RADIATOR) PreHandlerHook

2000-11-17 Thread Hugh Irvine


Hello Lisa -

The hook code looks ok, but what are you doing with the attribute that you are
adding to the request? I can't see anything later in the configuration to deal
with it. BTW - you can always add "print" statements in your hook for debugging
purposes, or even better, add some logging at DEBUG level (see the example
goodies/hooks.txt in the distribution).

regards

Hugh


Re: (RADIATOR) PreHandlerHook Doesn't work Properly

2000-04-24 Thread Hugh Irvine


Hello Khurram -

On Mon, 24 Apr 2000, Khurram Shahzad wrote:
> Yes, you are right PreHandlerHook is not required here for Group checking, but I want to have
> different MaxSessions values for different groups. Due to some reasons I can't use SNMP with my
> NAS (i.e. Cisco 7507). Is there a way to have different MaxSessions values for different users
> groups, without using any external program (finger, snmpget or snmpwalk etc.)?
 

Yes. You can use DefaultSimultaneousUse, plus Simultaneous-Use in the users
files, something like this:

<Realm>
    RewriteUsername s/^([^@]+).*/$1/
    AuthByPolicy ContinueUntilAccept
    <AuthBy FILE>
        DefaultSimultaneousUse 1
        # The filename defaults to %D/users
    </AuthBy>
    <AuthBy FILE>
        DefaultSimultaneousUse 1
        Filename %D/StaffUsers
    </AuthBy>

    AcctLogFileFormat %l '%{User-Name}' %{Acct-Session-Time} %{Acct-Status-Type} \
    %{Acct-Session-Id} %{Acct-Terminate-Cause} %{NAS-Port-Type} %{NAS-IP-Address} %{NAS-Port} \
    %{Framed-IP-Address} %{Framed-Protocol}
    AcctLogFileName %L/logfile.%Y%m%d
</Realm>

<AuthBy SYSTEM>
    Identifier  System
    UseGetspnam
</AuthBy>

Then in the file %D/StaffUsers you would have this:

# file %D/StaffUsers

DEFAULT Auth-Type = System, Group = staff
    Service-Type = Framed-User,
    Framed-Protocol = PPP

And in the file %D/users you would have this:

# file %D/users

DEFAULT Simultaneous-Use = 2, Auth-Type = System, Group = special
    Service-Type = Framed-User,
    Framed-Protocol = PPP,
    Vendor-Specific = cisco-avpair,
    cisco-avpair = "ip:addr-pool=test"

DEFAULT Simultaneous-Use = 1, Auth-Type = System, Group = public
    Service-Type = Framed-User,
    Framed-Protocol = PPP

DEFAULT Simultaneous-Use = 1, Auth-Type = System, Group = demo
    Service-Type = Framed-User,
    Framed-Protocol = PPP


Note that DefaultSimultaneousUse is an AuthBy parameter.

Have a look at sections 6.14.13 and 13.1.12 in the Radiator 2.15 reference
manual.

hth

Hugh

-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.






Re: (RADIATOR) PreHandlerHook Doesn't work Properly

2000-04-17 Thread Khurram Shahzad


Hi Hugh,
I am using Radiator 2.15 ( all patches applied) on Sun Ultra-1 with
Solaris 2.6. My NAS is Cisco 7507 with IOS 12.03(T3).
All the required files are pasted below.
My Configuration File
-- radius.conf ---
# Shaheer Dialup Accounts
Foreground
LogStdout
Trace 4
AuthPort 1812
AcctPort 1813
LogDir /usr/local/etc/raddb
DbDir /usr/local/etc/raddb
LogFile %L/logfile.%Y%m%d
<Client c1.shaheer.net.sa>
    Secret xxx
</Client>
<Client c2.shaheer.net.sa>
    PreHandlerHook sub { my $p = ${$_[0]}; \
        my $username = $p->get_attr('User-Name'); \
        my ($name,$passwd,$uid,$gid,$quota,$comments,$gcos,$dir,$shell) = getpwnam($username); \
        if ($gid == "10") { \
            $p->add_attr('Group-Name', 'staff'); } \
    }
    Secret yyy
</Client>
<Client c3.shaheer.net.sa>
    Secret zzz
</Client>
<Client c4.shaheer.net.sa>
    Secret xyz
</Client>
<Handler Group=staff>
    <AuthBy FILE>
        Filename %D/StaffUsers
    </AuthBy>
</Handler>
<Realm>
    #RewriteUsername s/^([^@]+).*/$1/
    #MaxSessions 1
    #<AuthBy GROUP>
    #   AuthByPolicy ContinueUntilAccept
    <AuthBy FILE>
        # The filename defaults to %D/users
    </AuthBy>
    #   <AuthBy FILE>
    #       Filename %D/StaffUsers
    #   </AuthBy>
    #</AuthBy>
    AcctLogFileFormat %l '%{User-Name}' %{Acct-Session-Time} %{Acct-Status-Type} \
    %{Acct-Session-Id} %{Acct-Terminate-Cause} %{NAS-Port-Type} %{NAS-IP-Address} %{NAS-Port} \
    %{Framed-IP-Address} %{Framed-Protocol}
    AcctLogFileName %L/logfile.%Y%m%d
</Realm>
<AuthBy SYSTEM>
    Identifier System
    UseGetspnam
</AuthBy>
-- radius.conf ---
-- %D/StaffUsers ---
DEFAULT Auth-Type = System, Group = staff
    Service-Type = Framed-User,
    Framed-Protocol = PPP
-- %D/StaffUsers ---
-- %D/users ---
DEFAULT Auth-Type = System, Group = special
    Service-Type = Framed-User,
    Framed-Protocol = PPP,
    Vendor-Specific = cisco-avpair,
    cisco-avpair = "ip:addr-pool=test"

DEFAULT Auth-Type = System, Group = public
    Service-Type = Framed-User,
    Framed-Protocol = PPP,

DEFAULT Auth-Type = System, Group = demo
    Service-Type = Framed-User,
    Framed-Protocol = PPP
-- %D/users ---
The output of DEBUG, i.e. Trace 4, is as below for one of my staff users,
nadeem.
- DEBUG - Trace 4 --
Mon Apr 17 09:27:53 2000: DEBUG: Packet dump:
*** Received from 212.64.128.19 port 45647 
Code: Access-Request
Identifier: 245
Authentic: 244>D[181>$140>139>28>176>129>(baH210>
Attributes:
 NAS-IP-Address = 212.64.128.2
 NAS-Port = 153
 NAS-Port-Type = Virtual
 User-Name = "nadeem"
 User-Password = "17>e186>j178>176>V14>136>161>164>245>166>3>176>251>"
 Service-Type = Framed-User
 Framed-Protocol = PPP
Mon Apr 17 09:27:53 2000: DEBUG: Handling request with Handler 'Realm='
Mon Apr 17 09:27:53 2000: DEBUG: Rewrote user name to nadeem
Mon Apr 17 09:27:53 2000: DEBUG: Deleting session for nadeem,
212.64.128.2, 153
Mon Apr 17 09:27:53 2000: DEBUG: Handling with Radius::AuthFILE
Mon Apr 17 09:27:53 2000: DEBUG: Radius::AuthFILE looks for match with
nadeem
Mon Apr 17 09:27:53 2000: DEBUG: Handling with Radius::AuthSYSTEM
Mon Apr 17 09:27:53 2000: DEBUG: getpwnam got nadeem, t54emF6Cn2W16,
3800, 10, , Nadeem Ikram, Nadeem Ikram, /export/home/nadeem, /bin/tcsh
Mon Apr 17 09:27:53 2000: DEBUG: Radius::AuthSYSTEM looks for match
with nadeem
Mon Apr 17 09:27:53 2000: DEBUG: Radius::AuthSYSTEM REJECT: User nadeem
is not in Group public
Mon Apr 17 09:27:53 2000: DEBUG: Radius::AuthFILE REJECT: User nadeem
is not in Group public
Mon Apr 17 09:27:53 2000: DEBUG: Radius::AuthFILE looks for match with
DEFAULT
Mon Apr 17 09:27:53 2000: DEBUG: Handling with Radius::AuthSYSTEM
Mon Apr 17 09:27:53 2000: DEBUG: getpwnam got nadeem, t54emF6Cn2W16,
3800, 10, , Nadeem Ikram, Nadeem Ikram, /export/home/nadeem, /bin/tcsh
Mon Apr 17 09:27:53 2000: DEBUG: Radius::AuthSYSTEM looks for match
with nadeem
Mon Apr 17 09:27:53 2000: DEBUG: Radius::AuthSYSTEM REJECT: User nadeem
is not in Group special
Mon Apr 17 09:27:53 2000: DEBUG: Radius::AuthFILE REJECT: User nadeem
is not in Group special
Mon Apr 17 09:27:53 2000: DEBUG: Radius::AuthFILE looks for match with
DEFAULT1
Mon Apr 17 09:27:53 2000: DEBUG: Handling with Radius::AuthSYSTEM
Mon Apr 17 09:27:53 2000: DEBUG: getpwnam got nadeem, t54emF6Cn2W16,
3800, 10, , Nadeem Ikram, Nadeem Ikram, /export/home/nadeem, /bin/tcsh
Mon Apr 17 09:27:53 2000: DEBUG: Radius::AuthSYSTEM looks for match
with nadeem
Mon Apr 17 09:27:53 2000: DEBUG: Radius::AuthSYSTEM REJECT: User nadeem
is not in Group public
Mon Apr 17 09:27:53 2000: DEBUG: Radius::AuthFILE REJECT: User nadeem
is not in Group public
Mon Apr 17 09:27:53 2000: DEBUG: Radius::AuthFILE looks for match with
DEFAULT2
Mon Apr 17 09:27:53 2000: DEBUG: Handling with Radius::AuthSYSTEM
Mon Apr 17 09:27:53 2000: DEBUG: getpwnam got nadeem, t54emF6Cn2W16,
3800, 10, , Nadeem Ikram, Nadeem Ikram, 

Re: (RADIATOR) PreHandlerHook Doesn't work Properly

2000-04-17 Thread Hugh Irvine


Hello Khurram -

On Mon, 17 Apr 2000, Khurram Shahzad wrote:
 
> Hi Hugh,
>
> I am using Radiator 2.15 ( all patches applied) on Sun Ultra-1 with Solaris 2.6.
> My NAS is Cisco 7507 with IOS 12.03(T3).
> All the required files are pasted below.
>
> My Configuration File
> -- radius.conf ---
> # Shaheer Dialup Accounts
> Foreground
> LogStdout
> Trace 4
> AuthPort 1812
> AcctPort 1813
>
> LogDir  /usr/local/etc/raddb
> DbDir   /usr/local/etc/raddb
>
> LogFile %L/logfile.%Y%m%d
>
> <Client c1.shaheer.net.sa>
>     Secret xxx
> </Client>
> <Client c2.shaheer.net.sa>
>     PreHandlerHook sub { my $p = ${$_[0]}; \
>         my $username = $p->get_attr('User-Name'); \
>         my ($name,$passwd,$uid,$gid,$quota,$comments,$gcos,$dir,$shell) = getpwnam($username); \
>         if ($gid == "10") { \
>             $p->add_attr('Group-Name', 'staff'); } \
>     }
>     Secret yyy
> </Client>
> <Client c3.shaheer.net.sa>
>     Secret zzz
> </Client>
> <Client c4.shaheer.net.sa>
>     Secret xyz
> </Client>
>
> <Handler Group=staff>
>     <AuthBy FILE>
>         Filename %D/StaffUsers
>     </AuthBy>
> </Handler>
> <Realm>
>     #RewriteUsername s/^([^@]+).*/$1/
>     #MaxSessions 1
>     #<AuthBy GROUP>
>     #   AuthByPolicy ContinueUntilAccept
>     <AuthBy FILE>
>         # The filename defaults to %D/users
>     </AuthBy>
>     #   <AuthBy FILE>
>     #       Filename %D/StaffUsers
>     #   </AuthBy>
>     #</AuthBy>
>     AcctLogFileFormat %l '%{User-Name}' %{Acct-Session-Time} %{Acct-Status-Type} \
>     %{Acct-Session-Id} %{Acct-Terminate-Cause} %{NAS-Port-Type} %{NAS-IP-Address} %{NAS-Port} \
>     %{Framed-IP-Address} %{Framed-Protocol}
>     AcctLogFileName %L/logfile.%Y%m%d
> </Realm>
> <AuthBy SYSTEM>
>     Identifier  System
>     UseGetspnam
> </AuthBy>

Thank you for sending the configuration file and trace output - it makes it
much easier to help you. It might also be helpful if you could explain what
your requirements are and what the configuration file should be doing.

There are several things that will cause you problems in your configuration
file, so I think I will make some suggestions in an example below:

# configuration for shaheer.net.sa
# Shaheer Dialup Accounts 

Foreground 
LogStdout 
Trace 4 
AuthPort 1812 
AcctPort 1813 

LogDir  /usr/local/etc/raddb 
DbDir   /usr/local/etc/raddb 

LogFile %L/logfile.%Y%m%d 

<Client c1.shaheer.net.sa>
    Secret xxx
</Client>

<Client c2.shaheer.net.sa>
    Secret yyy
</Client>

<Client c3.shaheer.net.sa>
    Secret zzz
</Client>

<Client c4.shaheer.net.sa>
    Secret xyz
</Client>

<Realm>
    RewriteUsername s/^([^@]+).*/$1/
    MaxSessions 1
    AuthByPolicy ContinueUntilAccept
    <AuthBy FILE>
        # The filename defaults to %D/users
    </AuthBy>
    <AuthBy FILE>
        Filename %D/StaffUsers
    </AuthBy>

    AcctLogFileFormat %l '%{User-Name}' %{Acct-Session-Time} %{Acct-Status-Type} \
    %{Acct-Session-Id} %{Acct-Terminate-Cause} %{NAS-Port-Type} %{NAS-IP-Address} %{NAS-Port} \
    %{Framed-IP-Address} %{Framed-Protocol}
    AcctLogFileName %L/logfile.%Y%m%d
</Realm>

<AuthBy SYSTEM>
    Identifier  System
    UseGetspnam
</AuthBy>


Then in the file %D/StaffUsers you would have this:

# file %D/StaffUsers

DEFAULT Auth-Type = System, Group = staff
    Service-Type = Framed-User,
    Framed-Protocol = PPP


And in the file %D/users you would have this:

# file %D/users

DEFAULT Auth-Type = System, Group = special
    Service-Type = Framed-User,
    Framed-Protocol = PPP,
    Vendor-Specific = cisco-avpair,
    cisco-avpair = "ip:addr-pool=test"

DEFAULT Auth-Type = System, Group = public
    Service-Type = Framed-User,
    Framed-Protocol = PPP

DEFAULT Auth-Type = System, Group = demo
    Service-Type = Framed-User,
    Framed-Protocol = PPP


Note that a PreHandlerHook is not required to provide Group checking.

hth

Hugh




Re: (RADIATOR) PreHandlerHook Doesn't work Properly

2000-04-16 Thread Hugh Irvine


Hello Khurram -

On Sun, 16 Apr 2000, Khurram Shahzad wrote:
> Hi all,
>
> I am trying to use "PreHandlerHook" to check whether the user in request
> belongs to a certain group on the system (unix) and then get this user
> to be authenticated by Handler with check item Group="UserGroup".
> My PreHandlerHook is working perfectly, it is giving the UserGroup
> accordingly, but requests are always handled by the default Realm /
> Handler.
>
> Getting user's groupname and then handle it with handler having check
> item Group="UserGroup" is required?
 

Please send me a copy of your configuration file together with a trace 4 debug
showing what is happening. I will also need your hardware and software
platforms and the Radiator version number.

thanks

Hugh





Re: (RADIATOR) PreHandlerHook

1999-07-08 Thread Mike McCauley

On Jul 8,  7:00pm, Requiem Aurelien (Ext/NTC) wrote:
> Subject: (RADIATOR) PreHandlerHook
> Hello
>
> How can i specify a perl function that is
> into an other file ?

PreHandlerHook  file:"myhook.pl"

> Where can i find a good perl e-book ?

Not too sure. I use paper ones :-)
Perl docs are at www.perl.com, try
http://language.perl.com/info/documentation.html


Cheers.




-- 
Mike McCauley   [EMAIL PROTECTED]
Open System Consultants Pty. Ltd   Unix, Perl, Motif, C++, WWW
24 Bateman St Hampton, VIC 3188 Australia   http://www.open.com.au
Phone +61 3 9598-0985   Fax   +61 3 9598-0955

Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, TACACS+, PAM, external, etc etc on Unix, Win95/8, 
NT, Rhapsody
===
Archive at http://www.thesite.com.au/~radiator/
To unsubscribe, email '[EMAIL PROTECTED]' with
'unsubscribe radiator' in the body of the message.