(RADIATOR) PreClientHook

Nathan 'Franko' Franklin radiator_tsn at tsn.cc
Wed Apr 16 19:53:30 CDT 2003


Hello Hugh

I am using the PreClientHook to change the username of an incoming user, but it doesnt seem to be working properly, It is rejecting all my requests plus it isnt changing the username.

Below is all my stuff

Config File
LogStdout
Trace 4
AuthPort xxx
AcctPort xxx
LogFile wireless.log

DbDir c:\radiator

PreClientHook file:"c:\hooks\wireless_preClientHook.pl"

<Client 202.22.163.25>
     Secret xxx
</client>

RewriteUsername s/-//g

<Handler Acct-Status-Type = Start,Identifier=dialup>
AuthByPolicy ContinueAlways
 <AuthBy EMERALD>
  CaseInsensitivePasswords
           DBSource dbi:ODBC:RadiusSQL
                DBUsername      xxx
                DBAuth          xxx
                # You can add to or change these if you want.
                AccountingTable radCalls
                AcctColumnDef   UserName,User-Name
                AcctColumnDef   CallDate,Timestamp,integer-date
                AcctColumnDef   AcctStatusType,Acct-Status-Type,integer
                AcctColumnDef   AcctDelayTime,Acct-Delay-Time,integer
                AcctColumnDef   AcctInputOctets,Acct-Input-Octets,integer
                AcctColumnDef   AcctOutputOctets,Acct-Output-Octets,integer
                AcctColumnDef   AcctSessionId,Acct-Session-Id
                AcctColumnDef   AcctSessionTime,Acct-Session-Time,integer
                AcctColumnDef   AcctTerminateCause,Acct-Terminate-Cause,integer
                AcctColumnDef   NASIdentifier,NAS-IP-Address
                AcctColumnDef   FramedAddress,Framed-IP-Address
                AcctColumnDef   NASPort,NAS-Port,integer
                AcctColumnDef   AScendSessionKey,Ascend-Session-Svr-Key
                AcctColumnDef   CallerID,Calling-Station-Id
                AcctColumnDef   NASPortDNIS,Called-Station-Id
  AcctColumnDef   SignaltoNoise,Annex-Signal-to-Noise-Ratio,integer
  AcctColumnDef   Recievelevel,Annex-Begin-Receive-Line-Level,integer
  AcctColumnDef   ConnectSpeed,Connect-Info
  AcctColumnDef   Modulation,Annex-Begin-Modulation
        </AuthBy>
</Handler>
<Handler Acct-Status-Type = Stop,Identifier=dialup>
AuthByPolicy ContinueAlways
        <AuthBy SQL>
                DBSource             dbi:ODBC:RadiusRelay
                DBUsername       xxx
                DBAuth  xxx
  AcctSQLStatement delete from mail_relay where ip_addr='%{Framed-IP-Address}'
        </AuthBy>
        <AuthBy EMERALD>
                CaseInsensitivePasswords
                DBSource dbi:ODBC:RadiusSQL
                DBUsername      xxx
                DBAuth          xxx
                # You can add to or change these if you want.
                AccountingTable radCalls
                AcctColumnDef   UserName,User-Name
                AcctColumnDef   CallDate,Timestamp,integer-date
                AcctColumnDef   AcctStatusType,Acct-Status-Type,integer
                AcctColumnDef   AcctDelayTime,Acct-Delay-Time,integer
                AcctColumnDef   AcctInputOctets,Acct-Input-Octets,integer
                AcctColumnDef   AcctOutputOctets,Acct-Output-Octets,integer
                AcctColumnDef   AcctSessionId,Acct-Session-Id
                AcctColumnDef   AcctSessionTime,Acct-Session-Time,integer
                AcctColumnDef   AcctTerminateCause,Acct-Terminate-Cause,integer
                AcctColumnDef   NASIdentifier,NAS-IP-Address
                AcctColumnDef   FramedAddress,Framed-IP-Address
                AcctColumnDef   NASPort,NAS-Port,integer
                AcctColumnDef   AscendSessionKey,Ascend-Session-Svr-Key
                AcctColumnDef   CallerID,Calling-Station-Id
                AcctColumnDef   NASPortDNIS,Called-Station-Id
  AcctColumnDef   SignaltoNoise,Annex-Signal-to-Noise-Ratio,integer
                AcctColumnDef   Recievelevel,Annex-Begin-Receive-Line-Level,integer
                AcctColumnDef   ConnectSpeed,Connect-Info
                AcctColumnDef   Modulation,Annex-Begin-Modulation
        </AuthBy>
</Handler>
<Handler Acct-Status-Type= Accounting-Request,Identifier=dialup>
        <AuthBy EMERALD>
                CaseInsensitivePasswords
                DBSource dbi:ODBC:RadiusSQL
                DBUsername      xxx
                DBAuth          xxx
                # You can add to or change these if you want.
                AccountingTable radCalls
                AcctColumnDef   UserName,User-Name
                AcctColumnDef   CallDate,Timestamp,integer-date
                AcctColumnDef   AcctStatusType,Acct-Status-Type,integer
                AcctColumnDef   AcctDelayTime,Acct-Delay-Time,integer
                AcctColumnDef   AcctInputOctets,Acct-Input-Octets,integer
                AcctColumnDef   AcctOutputOctets,Acct-Output-Octets,integer
                AcctColumnDef   AcctSessionId,Acct-Session-Id
                AcctColumnDef   AcctSessionTime,Acct-Session-Time,integer
                AcctColumnDef   AcctTerminateCause,Acct-Terminate-Cause,integer
                AcctColumnDef   NASIdentifier,NAS-IP-Address
                AcctColumnDef   FramedAddress,Framed-IP-Address
                AcctColumnDef   NASPort,NAS-Port,integer
                AcctColumnDef   AscendSessionKey,Ascend-Session-Svr-Key
                AcctColumnDef   CallerID,Calling-Station-Id
                AcctColumnDef   NASPortDNIS,Called-Station-Id
         AcctColumnDef   SignaltoNoise,Annex-Signal-to-Noise-Ratio,integer
                AcctColumnDef   Recievelevel,Annex-Begin-Receive-Line-Level,integer
                AcctColumnDef   ConnectSpeed,Connect-Info
                AcctColumnDef   Modulation,Annex-Begin-Modulation
 </AuthBy>
</Handler>
<Handler>

<AuthLog SQL>
                DBSource  dbi:ODBC:RadiusSQL
                DBUsername      xxx
                DBAuth          xxx
                Table radlogs
                FailureQuery INSERT into RadLogs (Username,Data,NASIdentifier,NASport,CallerID) values ('%n','%P','%N','%{NAS-Port}','%{Calling-Station-Id}')
</Authlog>
<AuthBy EMERALD>

CaseInsensitivePasswords
  DBSource dbi:ODBC:RadiusSQL
  DBUsername xxx
  DBAuth  xxx
  # You can add to or change these if you want.
  AccountingTable radCalls
  AcctColumnDef UserName,User-Name
  AcctColumnDef CallDate,Timestamp,integer-date
  AcctColumnDef AcctStatusType,Acct-Status-Type,integer
  AcctColumnDef AcctDelayTime,Acct-Delay-Time,integer
  AcctColumnDef AcctInputOctets,Acct-Input-Octets,integer
  AcctColumnDef AcctOutputOctets,Acct-Output-Octets,integer
  AcctColumnDef AcctSessionId,Acct-Session-Id
  AcctColumnDef AcctSessionTime,Acct-Session-Time,integer
  AcctColumnDef AcctTerminateCause,Acct-Terminate-Cause,integer
  AcctColumnDef NASIdentifier,NAS-IP-Address
  AcctColumnDef FramedAddress,Framed-IP-Address
  AcctColumnDef NASPort,NAS-Port,integer
  AcctColumnDef   AscendSessionKey,Ascend-Session-Svr-Key
  AcctColumnDef   CallerID,Calling-Station-Id
  AcctColumnDef   NASPortDNIS,Called-Station-Id
  AcctColumnDef   SignaltoNoise,Annex-Signal-to-Noise-Ratio,integer
                AcctColumnDef   Recievelevel,Annex-Begin-Receive-Line-Level,integer
                AcctColumnDef   ConnectSpeed,Connect-Info
                AcctColumnDef   Modulation,Annex-Begin-Modulation
 </AuthBy>
</Handler>

<SessionDatabase SQL>
Identifier TSN
DBSource dbi:ODBC:RadiusSQL

#DBSource        dbi:ODBC:RadiusSQL
DBUsername      xxx
DBAuth          xxx

AddQuery insert into RADONLINE (USERNAME, NASIDENTIFIER, NASPORT, \
ACCTSESSIONID, FRAMEDADDRESS, AccInputOctets, AccOutputOctets, \
SERVICETYPE,NASPortDNIS,callerid,AscendKey) values ('%n', '%N', %{NAS-Port}, '%{Acct-Session-Id}', \
'%{Framed-IP-Address}',0%{Acct-Input-Octets},0%{Acct-Output-Octets}, \
'%{Service-Type}','%{Called-Station-Id}','%{Calling-Station-Id}','%{Ascend-Session-Svr-Key}')
DeleteQuery delete from RADONLINE where USERNAME='%n' and \
NASIDENTIFIER='%N' and NASPORT='%{NAS-Port}'
ClearNasQuery delete from RADONLINE where NASIDENTIFIER='%N'
CountQuery select NASIDENTIFIER, NASPORT, ACCTSESSIONID from RADONLINE \
where USERNAME='%n'
</SessionDatabase>



Wireeless_PreClientHook.pl
# this PreClientHook will change the incoming wireless macaddress
# into a proper username from the usermanager
# eg... rwireless14
# it will also set there incoming password so when we need
# the password attribute if we need it
# it will be the password under there account
# instead of the password from the accesspoint

use DBI;
use strict;
 
sub {
 &main::log($main::LOG_INFO,"CALLED HOOK");
 my $request = ${$_[0]};
 #my $reply = ${$_[1]};

 my $username = Radius::Util::format_special('%{User-Name}',$request);
  &main::log($main::LOG_INFO,"Username is $username");

 my $dsn = "dbi:ODBC:RadiusSQL";
 my $dbh = DBI->connect($dsn,"xx","xxx") || die "DB open error";
 my $sql = "Select SA.Login,SA.Password From SubAccounts SA,UserInfo UI Where UI.Auto = SA.CustomerID And SA.Shell = '$username'";
 my $sth = $dbh->prepare($sql);
 $sth->execute;
 if(my $row = $sth->fetchrow_hashref)
 {
  my $login = $row->{'Login'};
  my $password = $row->{'Password'};
  $request->change_attr('User-Name',$login);
  #$reply->change_attr('User-Name',$login);
  $request->change_attr('User-Password',$password);
  #$reply->change_attr('User-Password',$password);
  &main::log($main::LOG_INFO,"NEW Username is $login");
  &main::log($main::LOG_INFO,"NEW Password is $password");
  
 }
 $sth->finish;
 $dbh->disconnect();

}

Here is an extraxt of my trace 4 log
Thu Apr 17 10:30:23 2003: DEBUG: Packet dump:
*** Received from 202.22.163.25 port 1027 ....
Code:       Access-Request
Identifier: 113
Authentic:  1234567890123456
Attributes:
 User-Name = "00-02-2D-31-2E-82"
 Service-Type = Framed-User
 NAS-IP-Address = 203.63.154.1
 NAS-Port = 1234
 Called-Station-Id = "123456789"
 Calling-Station-Id = "987654321"
 NAS-Port-Type = Async
 User-Password = " <231>Y}<252><193><18>N at lO<212><189><158>m<147>"

Thu Apr 17 10:30:23 2003: DEBUG: Rewrote user name to 00022D312E82
Thu Apr 17 10:30:23 2003: INFO: CALLED HOOK
Thu Apr 17 10:30:23 2003: INFO: Username is 00022D312E82
Thu Apr 17 10:30:23 2003: INFO: NEW Username is rwireless08
Thu Apr 17 10:30:23 2003: INFO: NEW Password is tsn
Thu Apr 17 10:30:23 2003: DEBUG: Handling request with Handler ''
Thu Apr 17 10:30:23 2003: DEBUG: TSN Deleting session for 00-02-2D-31-2E-82, 203.63.154.1, 1234
Thu Apr 17 10:30:23 2003: DEBUG: do query is: delete from RADONLINE where USERNAME='00022D312E82' and NASIDENTIFIER='203.63.154.1' and NASPORT='1234'

Thu Apr 17 10:30:23 2003: DEBUG: Handling with Radius::AuthEMERALD
Thu Apr 17 10:30:23 2003: DEBUG: Handling with Radius::AuthEMERALD: 
Thu Apr 17 10:30:23 2003: DEBUG: Query is: select DateAdd(Day, 20, saExpireDate),
DateAdd(Day, 20, saExpireDate), sa.CustomerID as AccountID, sa.AccountType,
case AT.AccountType when 7 then sa.shellpassword when 8 then sa.shellpassword else sa.password end as password, sa.login, sa.shell, sa.TimeLeft 
from subaccounts sa,userinfo ui, acctypes AT
where AT.AccName = UI.AccType
And UI.Auto = SA.CustomerID
and (sa.login = '00022D312E82' or sa.shell = '00022D312E82')
and sa.active =1

Thu Apr 17 10:30:23 2003: DEBUG: Select results: , , 38055, ppp, tsn, rwireless08, 00022D312E82, , 
Thu Apr 17 10:30:23 2003: DEBUG: Query is: select ra.RadAttributeID, ra.RadVendorID, 
ra.RadVendorType, 
Data, Value, Type, RadCheck 
from RadConfigs rc, RadAttributes ra
where ra.RadAttributeID = rc.RadAttributeID 
and ra.RadVendorID = rc.RadVendorID
and ra.RadVendorType = rc.RadVendorType
and rc.AccountID=38055

Thu Apr 17 10:30:23 2003: DEBUG: Radius::AuthEMERALD looks for match with 00022D312E82
Thu Apr 17 10:30:23 2003: DEBUG: Radius::AuthEMERALD REJECT: Bad Password
Thu Apr 17 10:30:23 2003: DEBUG: Query is: select DateAdd(Day, 20, saExpireDate),
DateAdd(Day, 20, saExpireDate), sa.CustomerID as AccountID, sa.AccountType,
case AT.AccountType when 7 then sa.shellpassword when 8 then sa.shellpassword else sa.password end as password, sa.login, sa.shell, sa.TimeLeft 
from subaccounts sa,userinfo ui, acctypes AT
where AT.AccName = UI.AccType
And UI.Auto = SA.CustomerID
and (sa.login = 'DEFAULT' or sa.shell = 'DEFAULT')
and sa.active =1

Thu Apr 17 10:30:23 2003: INFO: Access rejected for 00022D312E82: Bad Password
Thu Apr 17 10:30:23 2003: DEBUG: do query is: INSERT into RadLogs (Username,Data,NASIdentifier,NASport,CallerID) values ('00022D312E82',' çY','203.63.154.1','1234','987654321')

Thu Apr 17 10:30:23 2003: DEBUG: Packet dump:
*** Sending to 202.22.163.25 port 1027 ....
Code:       Access-Reject
Identifier: 113
Authentic:  1234567890123456
Attributes:
 Reply-Message = "Request Denied"

I would like to know where the DEFAULT username is coming from becuase that is causing the rejection i think and i would also like to know why the username isnt changing..

thanks for your help Hugh

Kind Regards

Nathan Franklin
TSN Internet
nathan at tsn.cc
MSN: nathanfranko at hotmail.com

'If you keep your ears and eyes on your customer, You will keep your competitor's foot out of the door.' 
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://www.open.com.au/pipermail/radiator/attachments/20030417/9f7fa0c8/attachment.html>


More information about the radiator mailing list