(RADIATOR) changing the realm.

Griff Hamlin griff3 at quik.com
Wed Jul 11 11:50:27 CDT 2001


Hello all,

I am trying to take the username (including realm or not) that comes in
from the packet, strip the realm and then put on a new one based on the
radius client that is providing the packet. I have the following in a
client block:

<Client 127.0.0.1>
   RewriteUsername s/^([^@]+).*/$1/
   Secret mysecret
   PreHandlerHook sub { ${$_[0]}->change_attr('Realm','home'); \
                        my $request = ${$_[0]}; \
                        my $attrref = $request->{Attributes}; \
                        my @attr = @$attrref; \
                        foreach (@attr) { \
                           my @attr2 = @$_; \
                           my $attr3; \
                           foreach $attr3 (@attr2) { \
                              print "attribute is '$attr3'\n"; \
                           }\
                        }\
                     }
</Client>

Mostly, what happens is I try and use the 'change_attr' method to change
the realm from whatever it was to 'home'. However, when I tried then
using a <Handler  Realm = home> block, it never noticed the new realm,
and continued with the old realm as per the following log file segment:

attribute is 'User-Name'
attribute is 'hamlin'
attribute is 'Service-Type'
attribute is 'Framed-User'
attribute is 'NAS-IP-Address'
attribute is '203.63.154.1'
attribute is 'NAS-Port'
attribute is '1234'
attribute is 'Called-Station-Id'
attribute is '123456789'
attribute is 'Calling-Station-Id'
attribute is '987654321'
attribute is 'NAS-Port-Type'
attribute is 'Async'
attribute is 'Framed-IP-Address'
attribute is '255.255.255.254'
attribute is 'User-Password'
attribute is 'ϸfß5pö¼8         Ø}x'
attribute is 'Realm'
attribute is 'home'
Wed Jul 11 10:45:34 2001: DEBUG: Packet dump:
*** Received from 65.13.83.72 port 1027 ....
Code:       Access-Request
Identifier: 124
Authentic:  1234567890123456
Attributes:
        User-Name = "hamlin at wf.quik.com"
        Service-Type = Framed-User
        NAS-IP-Address = 203.63.154.1
        NAS-Port = 1234
        Called-Station-Id = "123456789"
        Calling-Station-Id = "987654321"
        NAS-Port-Type = Async
        Framed-IP-Address = 255.255.255.254
        User-Password =
"<207><184>f<154><223>5p<246><188>8<9><160><216>}x<153>"
Wed Jul 11 10:45:34 2001: DEBUG: Rewrote user name to hamlin
Wed Jul 11 10:45:34 2001: DEBUG: Check if Handler Realm = home should be
used to handle this request
Wed Jul 11 10:45:34 2001: DEBUG: Check if Handler  should be used to
handle this request
Wed Jul 11 10:45:34 2001: DEBUG: Handling request with Handler ''
Wed Jul 11 10:45:34 2001: DEBUG:  Deleting session for
hamlin at wf.quik.com, 203.63.154.1, 1234

As you can see, when printing out attributes, it shows the Realm to be
'home', and later when doing the packet dump, the username is
hamlin at wf.quik.com as it was sent from the radius client. Maybe this is
not possible, which would be OK I have other ideas to work around it.
But now I'm curious.

Griff Hamlin, IIII


===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list