(RADIATOR) changing the realm.
Kitabjian, Dave
dave at netcarrier.com
Wed Jul 11 16:16:50 CDT 2001
I was confused about the same thing at one point.
"Realm" to Radiator is not an attribute but rather the portion of the
username following the "@".
To work around this, we have a hook somewhat similar to yours which:
1) Strips the @realm.com off the username
2) Creates a new custom attribute, NC-Realm = realm.com
3) Then, if you need to Handle in special ways, you use <Handler NC-Realm =
realm.com>.
Make sense?
Dave
> -----Original Message-----
> From: Griff Hamlin [mailto:griff3 at quik.com]
> Sent: Wednesday, July 11, 2001 12:50 PM
> To: radiator at open.com.au
> Subject: (RADIATOR) changing the realm.
>
>
> Hello all,
>
> I am trying to take the username (including realm or not)
> that comes in from the packet, strip the realm and then put
> on a new one based on the radius client that is providing the
> packet. I have the following in a client block:
>
> <Client 127.0.0.1>
> RewriteUsername s/^([^@]+).*/$1/
> Secret mysecret
> PreHandlerHook sub { ${$_[0]}->change_attr('Realm','home'); \
> my $request = ${$_[0]}; \
> my $attrref = $request->{Attributes}; \
> my @attr = @$attrref; \
> foreach (@attr) { \
> my @attr2 = @$_; \
> my $attr3; \
> foreach $attr3 (@attr2) { \
> print "attribute is '$attr3'\n"; \
> }\
> }\
> }
> </Client>
>
> Mostly, what happens is I try and use the 'change_attr'
> method to change the realm from whatever it was to 'home'.
> However, when I tried then using a <Handler Realm = home>
> block, it never noticed the new realm, and continued with the
> old realm as per the following log file segment:
>
> attribute is 'User-Name'
> attribute is 'hamlin'
> attribute is 'Service-Type'
> attribute is 'Framed-User'
> attribute is 'NAS-IP-Address'
> attribute is '203.63.154.1'
> attribute is 'NAS-Port'
> attribute is '1234'
> attribute is 'Called-Station-Id'
> attribute is '123456789'
> attribute is 'Calling-Station-Id'
> attribute is '987654321'
> attribute is 'NAS-Port-Type'
> attribute is 'Async'
> attribute is 'Framed-IP-Address'
> attribute is '255.255.255.254'
> attribute is 'User-Password'
> attribute is 'ϸfß5pö¼8 Ø}x'
> attribute is 'Realm'
> attribute is 'home'
> Wed Jul 11 10:45:34 2001: DEBUG: Packet dump:
> *** Received from 65.13.83.72 port 1027 ....
> Code: Access-Request
> Identifier: 124
> Authentic: 1234567890123456
> Attributes:
> User-Name = "hamlin at wf.quik.com"
> Service-Type = Framed-User
> NAS-IP-Address = 203.63.154.1
> NAS-Port = 1234
> Called-Station-Id = "123456789"
> Calling-Station-Id = "987654321"
> NAS-Port-Type = Async
> Framed-IP-Address = 255.255.255.254
> User-Password =
> "<207><184>f<154><223>5p<246><188>8<9><160><216>}x<153>"
> Wed Jul 11 10:45:34 2001: DEBUG: Rewrote user name to hamlin
> Wed Jul 11 10:45:34 2001: DEBUG: Check if Handler Realm =
> home should be used to handle this request Wed Jul 11
> 10:45:34 2001: DEBUG: Check if Handler should be used to
> handle this request Wed Jul 11 10:45:34 2001: DEBUG: Handling
> request with Handler '' Wed Jul 11 10:45:34 2001: DEBUG:
> Deleting session for hamlin at wf.quik.com, 203.63.154.1, 1234
>
> As you can see, when printing out attributes, it shows the
> Realm to be 'home', and later when doing the packet dump, the
> username is hamlin at wf.quik.com as it was sent from the radius
> client. Maybe this is not possible, which would be OK I have
> other ideas to work around it. But now I'm curious.
>
> Griff Hamlin, IIII
>
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list