(RADIATOR) Changing User-Name in hook

Frank Danielson fdanielson at dataonair.com
Fri Feb 22 21:47:59 CST 2002


We're authenticating and accounting for calls made by cellular phones to a 
3Com NAS. The phones are preprogrammed to all dial a certain number (#777) and 
all use the same user name and password. I had originally planned to 
authenticate from the Calling-Station-Id but the problem I ran into was that 
other funtions such as the session database and session limit checking use the 
User-Name attribute. We will be having some other users dialing in with unique 
names and passwords that will be authenticated normally so it seemd to make 
much more sense to do the User-Name translation in the beginning than worry 
about all of the other places where I may need to decide whether to use the 
User-Name or Calling-Station-Id.
 After a little bit of poking around I found that Radiator stores the original 
user name so even if you change the User-Name attribute in a hook, the 
original user name is used for later authentication and session-limit 
checking. Modifiying the OriginalUserName attribute fixed my problem although 
I'm sure there was a reason for keeping the original copy of it that I may not 
be aware of.

>===== Original Message From hugh at open.com.au =====
>Hello Frank -
>
>You would usually just use the Calling-Station-Id attribute directly, and
>provide an AuthSelect statement in the AuthBy SQL clause (assuming you are
>using an SQL database).
>
>Perhaps you could describe you requirements in  more detail?
>
>regards
>
>Hugh
>
>
>On Sat, 23 Feb 2002 05:30, Frank Danielson wrote:
>> Hi-
>>
>> We're trying to use Radiator to authenticate dialup users using the
>> Calling-Station-Id instead of the User-Name. All of the users dial in using
>> the same name and password so I want to use a hook to put the value of the
>> Calling-Station-Id attribute into the User-Name attribute. It seems easy
>> enough and the simple hook I wrote thinks that it is working but the user
>> is still being logged in the session database and authenticated using the
>> original User-Name value. Is there something I'm missing or is this just
>> not possible for some reason?
>>
>> Config file snippet:
>>
>> PreClientHook sub {\
>>  my $p = ${$_[0]};\
>>  my $dnis=$p->get_attr('Called-Station-Id');\
>>  $dnis =~ s/\D//g;\
>>  $p->change_attr('Called-Station-Id',$dnis);\
>>  &main::log($main::LOG_DEBUG,"Dnis:$dnis, ");\
>>  if ($dnis eq "777") {\
>>   my $p = ${$_[0]};\
>>   my $min=$p->get_attr('Calling-Station-Id');\
>>   my $olduser=$p->get_attr('User-Name');\
>>   $p->change_attr('User-Name',$min);\
>>   my $newuser=$p->get_attr('User-Name');\
>>   &main::log($main::LOG_DEBUG,"Min:$min, OldUser:$olduser
>> NewUser:$newuser\n");\
>>  }\
>> }
>>
>> Trace 4 Debug:
>>
>> *** Received from 10.1.10.6 port 1818 ....
>> Code:       Access-Request
>> Identifier: 184
>> Authentic:  1234567890123456
>> Attributes:
>>         User-Name = "qnc"
>>         Service-Type = Framed-User
>>         NAS-IP-Address = 203.63.154.1
>>         NAS-Port = 1234
>>         Called-Station-Id = "#777"
>>         Calling-Station-Id = "987654321"
>>         NAS-Port-Type = Async
>>         User-Password =
>> "<136><229><<173><175>\<4><246><188>8<9><160><216>}x<153
>>
>> >"
>>
>> Fri Feb 22 13:15:25 2002: DEBUG: Dnis:777,
>> Fri Feb 22 13:15:25 2002: DEBUG: Min:987654321, OldUser:qnc
>> NewUser:987654321
>>
>> Fri Feb 22 13:15:25 2002: DEBUG: Check if Handler Called-Station-Id=777
>> should be used to handle this request
>> Fri Feb 22 13:15:25 2002: DEBUG: Handling request with Handler
>> 'Called-Station-Id=777'
>> Fri Feb 22 13:15:25 2002: DEBUG: SDB1 Deleting session for qnc,
>> 203.63.154.1, 1234
>> Fri Feb 22 13:15:25 2002: DEBUG: Handling with AuthINTERNAL:
>> Fri Feb 22 13:15:25 2002: DEBUG: Access accepted for qnc
>> Fri Feb 22 13:15:25 2002: DEBUG: Packet dump:
>> *** Sending to 10.1.10.6 port 1818 ....
>> Code:       Access-Accept
>> Identifier: 184
>> Authentic:  1234567890123456
>> Attributes:
>>
>> Frank Danielson
>> [Infrastructure Architect]
>>
>> wireless: 407.467.7832
>> wireline: 407.515.8633
>>
>> Data On Air
>> 301 E. Pine St. Suite 450
>> Orlando, Fl 32801
>> http://www.dataonair.com <http://www.dataonair.com/>
>
>--
>Radiator: the most portable, flexible and configurable RADIUS server
>anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
>-
>Nets: internetwork inventory and management - graphical, extensible,
>flexible with hardware, software, platform and database independence.

===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list