(RADIATOR) Problems with PreAuthHook
Hugh Irvine
hugh at open.com.au
Sat Oct 26 02:06:42 CDT 2002
Hello Frank, Hello Bogdan -
Radiator keeps both versions of the username available, because the NAS
itself has kept a copy of the original username as entered by the user.
If you use Radiator to do strict session limit checking by querying the
NAS, you *must* have the original username available to do so.
regards
Hugh
On Saturday, October 26, 2002, at 12:29 AM, Frank Danielson wrote:
> It's been my experience that for some reason Radiator stores the user
> name a
> couple of different ways. If you want to authoritatively change the
> user
> name attribute you need to do this in your hook-
>
> $p->{OriginalUserName}='abracadabra';
> $p->changeUserName('abracadabra');
>
> For your purposes you may be able to use just changeUserName()
>
> Frank Danielson
> [Infrastructure Architect]
>
> wireless: 407.467.7832
> wireline: 407.515.8633
>
> Data On Air
> 301 E. Pine St. Suite 450
> Orlando, Fl 32801
> http://www.dataonair.com
>
> -----Original Message-----
> From: Bogdan TARU [mailto:bgd at icomag.de]
> Sent: Friday, October 25, 2002 7:43 AM
> To: radiator at open.com.au
> Subject: (RADIATOR) Problems with PreAuthHook
>
>
>
> Hi guys,
>
> It seems that I don't know how to use PreAuthHook properly. I would
> like
> to do something like: if a username matches a certain patter (in my
> case,
> the last two chars are 'es'), then rename the username to a known one
> 'abracadabra', and do the authentification (fetch 'abracadabra's
> attributes instead of the actual user ending in 'es'). So I did a:
>
> RewriteUsername s/(.*)\\+$/$1/
> PreAuthHook sub { \
> my $p = ${$_[0]}; \
> my $username = $p->get_attr('User-Name'); \
> if (substr($username,-2) eq 'es') { \
> $p->delete_attr('User-Name'); \
> $p->add_attr('User-Name', 'abracadabra'); \
> &main::log($main::LOG_ERR, $p->get_attr('User-Name')); \
> } \
> }
>
> And the AuthSelect looks like:
>
> AuthSelect select users.attribute from users left join users AS
> tmp
> on \
> tmp.User='%{User-Name}' where (tmp.User IS NULL AND
> users.User='Default')
>
> But it seems that %{User-Name} in the Select statement is the original
> username, not the one that I replaced. The log file looks like:
>
>
> Fri Oct 25 13:36:41 2002: ERR: abracadabra
> Fri Oct 25 13:36:41 2002: DEBUG: Handling with Radius::AuthSQL
> Fri Oct 25 13:36:41 2002: DEBUG: Handling with Radius::AuthSQL:
> Fri Oct 25 13:36:41 2002: DEBUG: Query is: select users.attribute from
> users left join users AS tmp on tmp.User='bgdes' where (tmp.User IS
> NULL
> AND users.User='Default')
>
>
> What am I doing wrong?
>
> Thanks,
> bogdan
>
> ----------------------------
> iCom Media AG
> Kirchweg 36
> Koln, 50858
> Germany
>
> Phone: +49-(0)221-485-689-16
> Fax : +49-(0)221-485-689-20
> Mobile:+49-(0)173-906-46-01
>
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
> ===
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>
NB: I am travelling this week, so there may be delays in our
correspondence.
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
===
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.
More information about the radiator
mailing list