(RADIATOR) Adding an SQL based attribute before AuthBy SQLRADIUS
Sebastian Filzek
sebastian at filzek.org
Mon Jun 24 19:50:15 CDT 2002
Hello,
> I misunderstood your original question.
>
> You are correct - you will have to use a hook to do what you describe.
Cool.. I don't use perl, but I've thrown together a hook based on examples
gleemed from this list and the goodies directory, it's included below.
Regards,
Sab.
# Generic DB connect information, used for any hooks
<AuthBy SQL>
Identifier SQLInfo
DBSource dbi:mysql:dbname
DBUsername username
DBAuth bigsecret
</AuthBy>
<Handler>
# hook to add custom attrib to all requests
PreProcessingHook \
sub { \
my $p = ${$_[0]}; \
my $authby_handle = Radius::AuthGeneric::find('SQLInfo'); \
my $query = "SELECT custom_attrib FROM blah blah... "; \
my $sth = $authby_handle->prepareAndExecute($query); \
my @row = $sth->fetchrow(); \
${$_[0]} -> add_attr('My-Custom-Attrib',"$row[0]"); \
}
AuthBy [other stuff]
</Handler>
> On Mon, 24 Jun 2002 23:13, Sebastian Filzek wrote:
> > Hi Hugh,
> >
> > I've tried a similar config to the one you suggested, however it only
adds
> > the custom attribute to the outgoing access-accept replies back upstream
to
> > the NAS, not to any packets to the downstream proxy radius.
> >
> > Also, since we're using an AuthBy clause to add the custom attribs then
> > wouldn't they only be added to the access requests? I'm trying to modify
> > all radius packets (auth and acct) passed downstream to include the
custom
> > attribs.
> >
> > Regards,
> > Sab.
> >
> > > Hello Sebastian -
> > >
> > > Probably the simplest thing to do is have an AuthBy SQL clause before
the
> > > AuthBy SQLRADIUS clause, something like this:
> > >
> > > # define AuthBy clauses
> > >
> > > <AuthBy SQL>
> > > Identifier GetCustomAttribute
> > > DBSource ....
> > > DBUsername ....
> > > DBAuth ....
> > > AuthSelect select ATTRIBUTE from ......
> > > AuthColumnDef 0, Custom-Attribute-Name, reply
> > > </AuthBy>
> > >
> > > <AuthBy SQLRADIUS>
> > > Identifier ForwardToProxy
> > > .....
> > > </AuthBy>
> > >
> > > # define Realm or Handler
> > >
> > > <Handler>
> > > AuthByPolicy ContinueAlways
> > > AuthBy GetCustomAttribute
> > > AuthBy ForwardToProxy
> > > .....
> > > </Handler>
> > >
> > > Of course the Custom-Attribute-Name must be defined in the dictionary.
> > >
> > > regards
> > >
> > > Hugh
> > >
> > > On Mon, 24 Jun 2002 16:36, Sebastian Filzek wrote:
> > > > Hello,
> > > >
> > > > Quick question:
> > > >
> > > > I'm running a proxy radius server, and trying to add a custom
attribute
> > > > (whos value must be fetched by SQL) to all auth/acct packets before
> > > > they are passed on using AuthBy SQLRADIUS. Is there any way to do
this
> >
> > besides
> >
> > > > using a preauthhook?
> > > >
> > > > Any pointers/ideas appreciated.
> > > >
> > > > Regards,
> > > > Sab.
> > >
> > > --
> > > Radiator: the most portable, flexible and configurable RADIUS server
> > > anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> > > -
> > > Nets: internetwork inventory and management - graphical, extensible,
> > > flexible with hardware, software, platform and database independence.
> > > ===
> > > Archive at http://www.open.com.au/archives/radiator/
> > > Announcements on radiator-announce at open.com.au
> > > To unsubscribe, email 'majordomo at open.com.au' with
> > > 'unsubscribe radiator' in the body of the message.
>
> --
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list