Re: [RADIATOR] Copying OSC-Client-Identifier to Client-Identifier
Hello Vangelis - As Tuure shows, his way is much preferable - you really shouldn’t change the Identifier in the Client clause. Just use the OSC-Client-Identifier in your Handler’s. regards Hugh > On 21 Dec 2017, at 00:05, Vangelis Kyriakakiswrote: > > Hi Tuure, > >Thanks for the answer. >Actually I have a configuration where a RADIUS server receives some > requests directly from the clients and some other requests through a > proxy RADIUS server from the same clients. >So, at the proxy server I have some Client clauses which categorize > the clients using different Client-Identifiers which are passed to the > final RADIUS server through the OSC-Client-Identifier attribute. >The final RADIUS server has the same Client clauses, plus a clause > for the proxy RADIUS server in which I copy the OSC-Client-Identifier to > Client-Identifier (using a PreHandlerHook), in order to be able to pass > the requests through the same handlers which use the Client-Identifier > as a check item: > > > > # Proxy server as client > PreHandlerHook file:"%D/ProxyClient.pl" > > > ProxyClient.pl: > sub > { > my $p = ${$_[0]}; > my $client = $p->get_attr('OSC-Client-Identifier'); > $p->{Client}->{Identifier}=$client; > } > > > Identifier Client1 > > > > > > > So I want requests that follow the paths > > Client1->Final RADIUS > > OR > > Client1->proxy RADIUS->Final RADIUS > > to be handled by the above Handler. > > Is this a safe solution? > >Regards > Vangelis > On 20/12/2017 1:35 μμ, Tuure Vartiainen wrote: >> Hi, >> >>> On 20 Dec 2017, at 8.27, Vangelis Kyriakakis wrote: >>> >>> Is there a way to copy OSC-Client-Identifier which comes from a proxy >>> RADIATOR server to Client-Identifier using a PrehandlerHook at the final >>> RADIATOR server. >>> >> Client-Identifier is Radius::Client object’s Identifier attribute’s value, >> and is accessible through Radius::Radius request object in a following way >> >> $p->{Client}->{Identifier} >> >> You should not assign a value to it as $p->{Client} is a reference to >> Radius::Client object from which the request was received and it would >> overwrite that Client’s Identifier’s value. >> >> If you wan’t to unify usage of OSC-Client-Identifier attribute >> and local Client-Identifier, you could add Client’s Identifier to >> OSC-Client-Identifier attribute if the request does not have one. >> >> E.g. >> >> >>Identifier SomeClient >> >>... >> >># Add Client’s Identifier to OSC-Client-Identifier >># if a request does not have one >>AddToRequestIfNotExist OSC-Client-Identifier=%{Client:Identifier} >> >> >> ... >> >> >>... >> >> >> >> BR > > ___ > radiator mailing list > radiator@lists.open.com.au > http://lists.open.com.au/mailman/listinfo/radiator -- Hugh Irvine h...@open.com.au Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER, SIM, etc. Full source on Unix, Linux, Windows, MacOSX, Solaris, VMS, NetWare etc. ___ radiator mailing list radiator@lists.open.com.au http://lists.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] Copying OSC-Client-Identifier to Client-Identifier
Hi Tuure, Thanks for the answer. Actually I have a configuration where a RADIUS server receives some requests directly from the clients and some other requests through a proxy RADIUS server from the same clients. So, at the proxy server I have some Client clauses which categorize the clients using different Client-Identifiers which are passed to the final RADIUS server through the OSC-Client-Identifier attribute. The final RADIUS server has the same Client clauses, plus a clause for the proxy RADIUS server in which I copy the OSC-Client-Identifier to Client-Identifier (using a PreHandlerHook), in order to be able to pass the requests through the same handlers which use the Client-Identifier as a check item: # Proxy server as client PreHandlerHook file:"%D/ProxyClient.pl" ProxyClient.pl: sub { my $p = ${$_[0]}; my $client = $p->get_attr('OSC-Client-Identifier'); $p->{Client}->{Identifier}=$client; } Identifier Client1 So I want requests that follow the paths Client1->Final RADIUS OR Client1->proxy RADIUS->Final RADIUS to be handled by the above Handler. Is this a safe solution? Regards Vangelis On 20/12/2017 1:35 μμ, Tuure Vartiainen wrote: > Hi, > >> On 20 Dec 2017, at 8.27, Vangelis Kyriakakiswrote: >> >>Is there a way to copy OSC-Client-Identifier which comes from a proxy >> RADIATOR server to Client-Identifier using a PrehandlerHook at the final >> RADIATOR server. >> > Client-Identifier is Radius::Client object’s Identifier attribute’s value, > and is accessible through Radius::Radius request object in a following way > > $p->{Client}->{Identifier} > > You should not assign a value to it as $p->{Client} is a reference to > Radius::Client object from which the request was received and it would > overwrite that Client’s Identifier’s value. > > If you wan’t to unify usage of OSC-Client-Identifier attribute > and local Client-Identifier, you could add Client’s Identifier to > OSC-Client-Identifier attribute if the request does not have one. > > E.g. > > > Identifier SomeClient > > ... > > # Add Client’s Identifier to OSC-Client-Identifier > # if a request does not have one > AddToRequestIfNotExist OSC-Client-Identifier=%{Client:Identifier} > > > ... > > > ... > > > > BR ___ radiator mailing list radiator@lists.open.com.au http://lists.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] Copying OSC-Client-Identifier to Client-Identifier
Hi, > On 20 Dec 2017, at 8.27, Vangelis Kyriakakiswrote: > >Is there a way to copy OSC-Client-Identifier which comes from a proxy > RADIATOR server to Client-Identifier using a PrehandlerHook at the final > RADIATOR server. > Client-Identifier is Radius::Client object’s Identifier attribute’s value, and is accessible through Radius::Radius request object in a following way $p->{Client}->{Identifier} You should not assign a value to it as $p->{Client} is a reference to Radius::Client object from which the request was received and it would overwrite that Client’s Identifier’s value. If you wan’t to unify usage of OSC-Client-Identifier attribute and local Client-Identifier, you could add Client’s Identifier to OSC-Client-Identifier attribute if the request does not have one. E.g. Identifier SomeClient ... # Add Client’s Identifier to OSC-Client-Identifier # if a request does not have one AddToRequestIfNotExist OSC-Client-Identifier=%{Client:Identifier} ... ... BR -- Tuure Vartiainen Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. ___ radiator mailing list radiator@lists.open.com.au http://lists.open.com.au/mailman/listinfo/radiator