Re: (RADIATOR) More information for PreProcessingHook
Hello Tim - Special character expansion and by extension %{...} expansion only happens it certain places - and it doesn't happen in a hook definition. In your case you will have to call the routine to get the variable explicitly. sub {${$_[0]} - add_attr('Provider', main::getVariable('ISP-GoodNews'));} Have a look at the example hooks in goodies/hooks.txt. BTW - I *much* prefer to put the hook code into a file. regards Hugh On Fri, 26 Apr 2002 13:38, Timothy G. Wells wrote: Hi, It seems that if I place a value directly into the attribute I want to set to be recorded in the SessionDatabase clause then it works versus having it set by a global varaible. # PreProcessingHook sub {${$_[0]} - add_attr('Provider', %{GlobalVar:ISP-GoodNews});} PreProcessingHooksub {${$_[0]} - add_attr('Provider', 1);} -- Tim === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Realm plus another qualifier
Greetings, Can a Handler have an or situation instead of an and situation, for instance? Handler Realm=dsadsadasd **or** Called-Number=/4343/ I'm hoping I didn't miss this in the manual ;) -- Tim Timothy G. Wells Good News Internet Services [EMAIL PROTECTED] http://www.goodnews.net
Re: (RADIATOR) Realm plus another qualifier
Oops, sorry...misread that. I rescind my statement and will allow someone qualified to embarass me now =) [EMAIL PROTECTED] wrote: Greetings, Can a Handler have an or situation instead of an and situation, for instance? Handler Realm=dsadsadasd **or** Called-Number=/4343/ I'm hoping I didn't miss this in the manual ;) -- Tim Timothy G. Wells Good News Internet Services [EMAIL PROTECTED] http://www.goodnews.net http://www.goodnews.net/ === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Realm plus another qualifier
Yes, it can. You can use an attribute and a realm within a Handler statement. [EMAIL PROTECTED] wrote: Greetings, Can a Handler have an or situation instead of an and situation, for instance? Handler Realm=dsadsadasd **or** Called-Number=/4343/ I'm hoping I didn't miss this in the manual ;) -- Tim Timothy G. Wells Good News Internet Services [EMAIL PROTECTED] http://www.goodnews.net http://www.goodnews.net/ === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) Logging Accounting to SQL without SQL authentication
Hi. We want to log accounting to our SQL DB, but we are using LDAP DB for authentication. What can we do? AuthLog SQL doesn't mention AccountingTable functionality from AuthBy SQL. Thanks. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Radius
Hello Barrett - As mentioned previously, you will need to verify a trace 4 debug from Radiator to see exactly what you are receiving in the requests you want to deny and then construct the appropriate Handler in consequence. You could try something like this: Handler NAS-Identifier=/...|...|.../,Called-Station-Id=## AuthBy INTERNAL DefaultResult REJECT /AuthBy /Handler where ...|...|... are the three NAS-Identifiers in question. regards Hugh On Sat, 27 Apr 2002 00:15, Barrett W Clark wrote: Hugh, After making the changes, I am still not able to stop the incoming calls. I have been informed the leased Clients (xxx.xxx.xxx.xxx, yyy.yyy.yyy.yyy and zzz.zzz.zzz.zzz) are not the IPs of their NASes but of their radius servers. In the logs, I show them (customers dialing the number I want to deny) to be on 3 different NAS-Identifiers. The 3 NAS-Identifiers are not in the radius.cfg. Any suggestions? bwc At 06:59 PM 4/21/2002 +1000, Hugh Irvine wrote: Hello Barrett - I suspect you will find that your configuration will work properly with Client xxx.xxx.xxx.xxx, but not yyy.yyy.yyy.yyy or zzz.zzz.zzz.zzz. If you want to use the Identifier theirclients, you will have to specify seperate Client clauses. # define Clients Client xxx.xxx.xxx.xxx Secret Identifier theirclients /Client Client yyy.yyy.yyy.yyy Secret Identifier theirclients /Client Client zzz.zzz.zzz.zzz Secret Identifier theirclients /Client You should also check a trace 4 debug from Radiator to verify the format of the Called-Station-Id you are receiving from the NAS to make sure it matches the Handler specification. regards Hugh On Sun, 21 Apr 2002 09:07, Barrett W Clark wrote: Hugh, I have tried to follow the example below but customers can still dial in on that number. Any suggestions as to what I am doing wrong would be helpful!! Also on improving the radius.cfg file would be greatly appreciated! regards bwc --Begin radius.cfg--- #Foreground LogStdout LogDir /usr/local/radius/log DbDir /usr/local/etc/raddb # User a lower trace level in production systems: Trace 3 AuthPort 1645 AcctPort 1646 #strip realm RewriteUsername s/^([^@]+).*/$1/ RewriteUsername s/%//g Client localhost Secret DupInterval 0 /Client # All of our clients are listed here Client host.domain.com Secret Identifier ourclients IdenticalClients host2.domain.com host3.domain.com \ host4.domain.com host5.domain.com host6.domain.com \ host7.domain.com host8.domain.com /Client Client xxx.xxx.xxx.xxx Secret Identifier theirclients IdenticalClients yyy.yyy.yyy.yyy zzz.zzz.zzz.zzz /Client Handler Client-Identifier=theirclients,Called-Station-Id=## AuthBy INTERNAL DefaultResult REJECT /AuthBy /Handler Handler AuthBy DBFILE Filename %D/users /AuthBy AcctLogFileName %L/cd-%Y%m%d /Handler Realm DEFAULT AuthBy DBFILE Filename %D/users /AuthBy AcctLogFileName %L/cd-%Y%m%d /Realm SessionDatabase DBM # The name of the DBM file. Defaults on %D/online Filename %D/online /SessionDatabase -Example of the cd-20020419--- Sat Apr 20 06:47:59 2002 NAS-IP-Address = xxx.xxx.xxx.xxx NAS-Port = NAS-Port-Type = Async Called-Station-Id = ## Calling-Station-Id = ** Acct-Status-Type = Start Acct-Authentic = RADIUS Service-Type = Framed-User Acct-Session-Id = 000DDF72 Framed-Protocol = PPP Acct-Link-Count = 1 Ascend-Num-In-Multilink = 1 Acct-Multi-Session-Id = 156668 Framed-IP-Address = ooo.ooo.ooo.ooo Ascend-Multilink-ID = 156668 Acct-Delay-Time = 0 User-Name = username At 08:15 AM 4/17/2002 +1000, Hugh Irvine wrote: Hello Barrett - In my example below, you would reject all calls to a particular Called-Station-Id on the Clients with Identifier somewhere. Ie. ## is the number you want to deny. Handler Client-Identifier = somewhere, Called-Station-Id = 12345 You could also use regular expressions in the Handler . regards Hugh -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets:
Re: (RADIATOR) Logging Accounting to SQL without SQL authentication
Hello Dan - You would do something like this: # define AuthBy clauses # normal LDAP authentication AuthBy LDAP2 Identifier CheckLDAP .. /AuthBy # SQL accounting only # (note empty AuthSelect to disable authentication) AuthBy SQL Identifier SQLAccounting .. AuthSelect AccountingTable ACCOUNTING AcctColumnDef . .. /AuthBy # define Realm(s) or Handler(s) # use AuthByPolicy ContinueAlways # SQLAccounting must appear before CheckLDAP Handler . AuthByPolicy ContinueAlways AuthBy SQLAccounting AuthBy CheckLDAP . /Handler regards Hugh On Sat, 27 Apr 2002 03:18, Dan Melomedman wrote: Hi. We want to log accounting to our SQL DB, but we are using LDAP DB for authentication. What can we do? AuthLog SQL doesn't mention AccountingTable functionality from AuthBy SQL. Thanks. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message. -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
Re: (RADIATOR) Realm plus another qualifier
Hello Tim - No you can't have logical or definitions in Handlers. What I usually do is something like this: # define AuthBy clauses with Identifiers AuthBy Identifier SomethingDescriptive .. /AuthBy AuthBy Identifier AnotherDescription . /AuthBy # define an AuthBy GROUP if required AuthBy GROUP Identifier CheckUsers AuthByPolicy ContinueUntilAccept AuthBy SomethingDescriptive AuthBy AnotherDescription . /AuthBy .. # define Handlers Handler Realm=dsadsadasd AuthBy CheckUsers . /Handler Handler Called-Number=/4343/ AuthBy CheckUsers . /Handler .. I also tend to find that if I construct my Handlers correctly, a final Handler clause will catch everything else - ie an inclusive or. BTW - an added benefit in constructing configuration files in this fashion is that they tend to be *much* easier to read, understand and maintain. regards Hugh On Fri, 26 Apr 2002 23:05, Timothy G. Wells wrote: Greetings, Can a Handler have an or situation instead of an and situation, for instance? Handler Realm=dsadsadasd **or** Called-Number=/4343/ I'm hoping I didn't miss this in the manual ;) -- Tim Timothy G. Wells Good News Internet Services [EMAIL PROTECTED] http://www.goodnews.net -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.
(RADIATOR) How to get to particular attribute if set multiple times in radius packet
Greetings, I'm sorry to hit with so many questions but I'm finally getting time to put in to Radiator. If a radius packet comes to Radiator and it's name is duplicated, how do I get to a particular part? For instance if I look at %{Service_info} I would get TX where I really wish I could see NGood-News-Internet-Service. I want to use this result as part of a Handler clause. Thanks, -- Tim Acct-Input-Packets = 2214545 Acct-Output-Packets = 2439822 Framed-Protocol = PPP Service-Info = NGood-News-Internet-Service Service-Info = Urwells Service-Info = TX Acct-Delay-Time = 0 Proxy-State = 19c3 === Archive at http://www.open.com.au/archives/radiator/ Announcements on [EMAIL PROTECTED] To unsubscribe, email '[EMAIL PROTECTED]' with 'unsubscribe radiator' in the body of the message.