(RADIATOR) Re: PreClientHook
Hugh Irvine
hugh at open.com.au
Thu Apr 17 00:10:55 CDT 2003
Hello Nathan -
You can stop the DEFAULT lookup by adding
NoDefault
to your AuthBy clause(s).
And to change the username, you should use this:
$request->changeUserName($login);
Have a look at the code in Radius/Radius.pm->sub changeUserName.
regards
Hugh
On Thursday, Apr 17, 2003, at 10:53 Australia/Melbourne, Nathan
'Franko' Franklin wrote:
> Hello Hugh
>
> I am using the PreClientHook to change the username of an incoming
> user, but it doesn't seem to be working properly. It is rejecting all
> my requests, plus it isn't changing the username.
>
> Below is all my stuff
>
> Config File
> LogStdout
> Trace 4
> AuthPort xxx
> AcctPort xxx
> LogFile wireless.log
>
> DbDir c:\radiator
>
> PreClientHook file:"c:\hooks\wireless_preClientHook.pl"
>
> <Client 202.22.163.25>
> Secret xxx
> </client>
>
> RewriteUsername s/-//g
>
> <Handler Acct-Status-Type = Start,Identifier=dialup>
> AuthByPolicy ContinueAlways
> <AuthBy EMERALD>
> CaseInsensitivePasswords
> DBSource dbi:ODBC:RadiusSQL
> DBUsername xxx
> DBAuth xxx
> # You can add to or change these if you want.
> AccountingTable radCalls
> AcctColumnDef UserName,User-Name
> AcctColumnDef CallDate,Timestamp,integer-date
> AcctColumnDef AcctStatusType,Acct-Status-Type,integer
> AcctColumnDef AcctDelayTime,Acct-Delay-Time,integer
> AcctColumnDef AcctInputOctets,Acct-Input-Octets,integer
> AcctColumnDef AcctOutputOctets,Acct-Output-Octets,integer
> AcctColumnDef AcctSessionId,Acct-Session-Id
> AcctColumnDef AcctSessionTime,Acct-Session-Time,integer
> AcctColumnDef AcctTerminateCause,Acct-Terminate-Cause,integer
> AcctColumnDef NASIdentifier,NAS-IP-Address
> AcctColumnDef FramedAddress,Framed-IP-Address
> AcctColumnDef NASPort,NAS-Port,integer
> AcctColumnDef AScendSessionKey,Ascend-Session-Svr-Key
> AcctColumnDef CallerID,Calling-Station-Id
> AcctColumnDef NASPortDNIS,Called-Station-Id
> AcctColumnDef SignaltoNoise,Annex-Signal-to-Noise-Ratio,integer
> AcctColumnDef Recievelevel,Annex-Begin-Receive-Line-Level,integer
> AcctColumnDef ConnectSpeed,Connect-Info
> AcctColumnDef Modulation,Annex-Begin-Modulation
> </AuthBy>
> </Handler>
> <Handler Acct-Status-Type = Stop,Identifier=dialup>
> AuthByPolicy ContinueAlways
> <AuthBy SQL>
> DBSource dbi:ODBC:RadiusRelay
> DBUsername xxx
> DBAuth xxx
> AcctSQLStatement delete from mail_relay where ip_addr='%{Framed-IP-Address}'
> </AuthBy>
> <AuthBy EMERALD>
> CaseInsensitivePasswords
> DBSource dbi:ODBC:RadiusSQL
> DBUsername xxx
> DBAuth xxx
> # You can add to or change these if you want.
> AccountingTable radCalls
> AcctColumnDef UserName,User-Name
> AcctColumnDef CallDate,Timestamp,integer-date
> AcctColumnDef AcctStatusType,Acct-Status-Type,integer
> AcctColumnDef AcctDelayTime,Acct-Delay-Time,integer
> AcctColumnDef AcctInputOctets,Acct-Input-Octets,integer
> AcctColumnDef AcctOutputOctets,Acct-Output-Octets,integer
> AcctColumnDef AcctSessionId,Acct-Session-Id
> AcctColumnDef AcctSessionTime,Acct-Session-Time,integer
> AcctColumnDef AcctTerminateCause,Acct-Terminate-Cause,integer
> AcctColumnDef NASIdentifier,NAS-IP-Address
> AcctColumnDef FramedAddress,Framed-IP-Address
> AcctColumnDef NASPort,NAS-Port,integer
> AcctColumnDef AscendSessionKey,Ascend-Session-Svr-Key
> AcctColumnDef CallerID,Calling-Station-Id
> AcctColumnDef NASPortDNIS,Called-Station-Id
> AcctColumnDef SignaltoNoise,Annex-Signal-to-Noise-Ratio,integer
> AcctColumnDef Recievelevel,Annex-Begin-Receive-Line-Level,integer
> AcctColumnDef ConnectSpeed,Connect-Info
> AcctColumnDef Modulation,Annex-Begin-Modulation
> </AuthBy>
> </Handler>
> <Handler Acct-Status-Type= Accounting-Request,Identifier=dialup>
> <AuthBy EMERALD>
> CaseInsensitivePasswords
> DBSource dbi:ODBC:RadiusSQL
> DBUsername xxx
> DBAuth xxx
> # You can add to or change these if you want.
> AccountingTable radCalls
> AcctColumnDef UserName,User-Name
> AcctColumnDef CallDate,Timestamp,integer-date
> AcctColumnDef AcctStatusType,Acct-Status-Type,integer
> AcctColumnDef AcctDelayTime,Acct-Delay-Time,integer
> AcctColumnDef AcctInputOctets,Acct-Input-Octets,integer
> AcctColumnDef AcctOutputOctets,Acct-Output-Octets,integer
> AcctColumnDef AcctSessionId,Acct-Session-Id
> AcctColumnDef AcctSessionTime,Acct-Session-Time,integer
> AcctColumnDef AcctTerminateCause,Acct-Terminate-Cause,integer
> AcctColumnDef NASIdentifier,NAS-IP-Address
> AcctColumnDef FramedAddress,Framed-IP-Address
> AcctColumnDef NASPort,NAS-Port,integer
> AcctColumnDef AscendSessionKey,Ascend-Session-Svr-Key
> AcctColumnDef CallerID,Calling-Station-Id
> AcctColumnDef NASPortDNIS,Called-Station-Id
> AcctColumnDef SignaltoNoise,Annex-Signal-to-Noise-Ratio,integer
> AcctColumnDef Recievelevel,Annex-Begin-Receive-Line-Level,integer
> AcctColumnDef ConnectSpeed,Connect-Info
> AcctColumnDef Modulation,Annex-Begin-Modulation
> </AuthBy>
> </Handler>
> <Handler>
>
> <AuthLog SQL>
> DBSource dbi:ODBC:RadiusSQL
> DBUsername xxx
> DBAuth xxx
> Table radlogs
> FailureQuery INSERT into RadLogs (Username,Data,NASIdentifier,NASport,CallerID) values ('%n','%P','%N','%{NAS-Port}','%{Calling-Station-Id}')
> </Authlog>
> <AuthBy EMERALD>
>
> CaseInsensitivePasswords
> DBSource dbi:ODBC:RadiusSQL
> DBUsername xxx
> DBAuth xxx
> # You can add to or change these if you want.
> AccountingTable radCalls
> AcctColumnDef UserName,User-Name
> AcctColumnDef CallDate,Timestamp,integer-date
> AcctColumnDef AcctStatusType,Acct-Status-Type,integer
> AcctColumnDef AcctDelayTime,Acct-Delay-Time,integer
> AcctColumnDef AcctInputOctets,Acct-Input-Octets,integer
> AcctColumnDef AcctOutputOctets,Acct-Output-Octets,integer
> AcctColumnDef AcctSessionId,Acct-Session-Id
> AcctColumnDef AcctSessionTime,Acct-Session-Time,integer
> AcctColumnDef AcctTerminateCause,Acct-Terminate-Cause,integer
> AcctColumnDef NASIdentifier,NAS-IP-Address
> AcctColumnDef FramedAddress,Framed-IP-Address
> AcctColumnDef NASPort,NAS-Port,integer
> AcctColumnDef AscendSessionKey,Ascend-Session-Svr-Key
> AcctColumnDef CallerID,Calling-Station-Id
> AcctColumnDef NASPortDNIS,Called-Station-Id
> AcctColumnDef SignaltoNoise,Annex-Signal-to-Noise-Ratio,integer
> AcctColumnDef Recievelevel,Annex-Begin-Receive-Line-Level,integer
> AcctColumnDef ConnectSpeed,Connect-Info
> AcctColumnDef Modulation,Annex-Begin-Modulation
> </AuthBy>
> </Handler>
>
> <SessionDatabase SQL>
> Identifier TSN
> DBSource dbi:ODBC:RadiusSQL
>
> #DBSource dbi:ODBC:RadiusSQL
> DBUsername xxx
> DBAuth xxx
>
> AddQuery insert into RADONLINE (USERNAME, NASIDENTIFIER, NASPORT, \
> ACCTSESSIONID, FRAMEDADDRESS, AccInputOctets, AccOutputOctets, \
> SERVICETYPE,NASPortDNIS,callerid,AscendKey) values ('%n', '%N', %{NAS-Port}, '%{Acct-Session-Id}', \
> '%{Framed-IP-Address}',0%{Acct-Input-Octets},0%{Acct-Output-Octets}, \
> '%{Service-Type}','%{Called-Station-Id}','%{Calling-Station-Id}','%{Ascend-Session-Svr-Key}')
> DeleteQuery delete from RADONLINE where USERNAME='%n' and \
> NASIDENTIFIER='%N' and NASPORT='%{NAS-Port}'
> ClearNasQuery delete from RADONLINE where NASIDENTIFIER='%N'
> CountQuery select NASIDENTIFIER, NASPORT, ACCTSESSIONID from RADONLINE \
> where USERNAME='%n'
> </SessionDatabase>
>
>
>
> Wireless_PreClientHook.pl
> # this PreClientHook will change the incoming wireless macaddress
> # into a proper username from the usermanager
> # eg... rwireless14
> # it will also set their incoming password so when we need
> # the password attribute if we need it
> # it will be the password under their account
> # instead of the password from the accesspoint
>
> use DBI;
> use strict;
>
> sub {
> &main::log($main::LOG_INFO,"CALLED HOOK");
> my $request = ${$_[0]};
> #my $reply = ${$_[1]};
>
> my $username = Radius::Util::format_special('%{User-Name}',$request);
> &main::log($main::LOG_INFO,"Username is $username");
>
> my $dsn = "dbi:ODBC:RadiusSQL";
> my $dbh = DBI->connect($dsn,"xx","xxx") || die "DB open error";
> my $sql = "Select SA.Login,SA.Password From SubAccounts SA,UserInfo
> UI Where UI.Auto = SA.CustomerID And SA.Shell = '$username'";
> my $sth = $dbh->prepare($sql);
> $sth->execute;
> if(my $row = $sth->fetchrow_hashref)
> {
> my $login = $row->{'Login'};
> my $password = $row->{'Password'};
> $request->change_attr('User-Name',$login);
> #$reply->change_attr('User-Name',$login);
> $request->change_attr('User-Password',$password);
> #$reply->change_attr('User-Password',$password);
> &main::log($main::LOG_INFO,"NEW Username is $login");
> &main::log($main::LOG_INFO,"NEW Password is $password");
>
> }
> $sth->finish;
> $dbh->disconnect();
>
> }
>
> Here is an extract of my trace 4 log
> Thu Apr 17 10:30:23 2003: DEBUG: Packet dump:
> *** Received from 202.22.163.25 port 1027 ....
> Code: Access-Request
> Identifier: 113
> Authentic: 1234567890123456
> Attributes:
> User-Name = "00-02-2D-31-2E-82"
> Service-Type = Framed-User
> NAS-IP-Address = 203.63.154.1
> NAS-Port = 1234
> Called-Station-Id = "123456789"
> Calling-Station-Id = "987654321"
> NAS-Port-Type = Async
> User-Password = " <231>Y}<252><193><18>N at lO<212><189><158>m<147>"
>
> Thu Apr 17 10:30:23 2003: DEBUG: Rewrote user name to 00022D312E82
> Thu Apr 17 10:30:23 2003: INFO: CALLED HOOK
> Thu Apr 17 10:30:23 2003: INFO: Username is 00022D312E82
> Thu Apr 17 10:30:23 2003: INFO: NEW Username is rwireless08
> Thu Apr 17 10:30:23 2003: INFO: NEW Password is tsn
> Thu Apr 17 10:30:23 2003: DEBUG: Handling request with Handler ''
> Thu Apr 17 10:30:23 2003: DEBUG: TSN Deleting session for
> 00-02-2D-31-2E-82, 203.63.154.1, 1234
> Thu Apr 17 10:30:23 2003: DEBUG: do query is: delete from RADONLINE
> where USERNAME='00022D312E82' and NASIDENTIFIER='203.63.154.1' and
> NASPORT='1234'
>
> Thu Apr 17 10:30:23 2003: DEBUG: Handling with Radius::AuthEMERALD
> Thu Apr 17 10:30:23 2003: DEBUG: Handling with Radius::AuthEMERALD:
> Thu Apr 17 10:30:23 2003: DEBUG: Query is: select DateAdd(Day, 20,
> saExpireDate),
> DateAdd(Day, 20, saExpireDate), sa.CustomerID as AccountID,
> sa.AccountType,
> case AT.AccountType when 7 then sa.shellpassword when 8 then
> sa.shellpassword else sa.password end as password, sa.login, sa.shell,
> sa.TimeLeft
> from subaccounts sa,userinfo ui, acctypes AT
> where AT.AccName = UI.AccType
> And UI.Auto = SA.CustomerID
> and (sa.login = '00022D312E82' or sa.shell = '00022D312E82')
> and sa.active =1
>
> Thu Apr 17 10:30:23 2003: DEBUG: Select results: , , 38055, ppp, tsn,
> rwireless08, 00022D312E82, ,
> Thu Apr 17 10:30:23 2003: DEBUG: Query is: select ra.RadAttributeID,
> ra.RadVendorID,
> ra.RadVendorType,
> Data, Value, Type, RadCheck
> from RadConfigs rc, RadAttributes ra
> where ra.RadAttributeID = rc.RadAttributeID
> and ra.RadVendorID = rc.RadVendorID
> and ra.RadVendorType = rc.RadVendorType
> and rc.AccountID=38055
>
> Thu Apr 17 10:30:23 2003: DEBUG: Radius::AuthEMERALD looks for match
> with 00022D312E82
> Thu Apr 17 10:30:23 2003: DEBUG: Radius::AuthEMERALD REJECT: Bad
> Password
> Thu Apr 17 10:30:23 2003: DEBUG: Query is: select DateAdd(Day, 20,
> saExpireDate),
> DateAdd(Day, 20, saExpireDate), sa.CustomerID as AccountID,
> sa.AccountType,
> case AT.AccountType when 7 then sa.shellpassword when 8 then
> sa.shellpassword else sa.password end as password, sa.login, sa.shell,
> sa.TimeLeft
> from subaccounts sa,userinfo ui, acctypes AT
> where AT.AccName = UI.AccType
> And UI.Auto = SA.CustomerID
> and (sa.login = 'DEFAULT' or sa.shell = 'DEFAULT')
> and sa.active =1
>
> Thu Apr 17 10:30:23 2003: INFO: Access rejected for 00022D312E82: Bad
> Password
> Thu Apr 17 10:30:23 2003: DEBUG: do query is: INSERT into RadLogs
> (Username,Data,NASIdentifier,NASport,CallerID) values
> ('00022D312E82',' çY','203.63.154.1','1234','987654321')
>
> Thu Apr 17 10:30:23 2003: DEBUG: Packet dump:
> *** Sending to 202.22.163.25 port 1027 ....
> Code: Access-Reject
> Identifier: 113
> Authentic: 1234567890123456
> Attributes:
> Reply-Message = "Request Denied"
>
> I would like to know where the DEFAULT username is coming from because
> that is causing the rejection I think, and I would also like to know
> why the username isn't changing.
>
> thanks for your help Hugh
>
> Kind Regards
>
> Nathan Franklin
> TSN Internet
> nathan at tsn.cc
> MSN: nathanfranko at hotmail.com
>
> 'If you keep your ears and eyes on your customer, You will keep your
> competitor's foot out of the door.'
>
NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
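
Added example (not part of the original messages and not Radiator's own code): a PreClientHook that maps the MAC address to a login with $request->changeUserName, as advised above, and binds the value into the SQL statement instead of interpolating the client-supplied User-Name. Assumptions: the DSN, table and column names are copied from the quoted hook, "xx"/"xxx" stand for the redacted credentials, and the hook changes only the username (it neither rewrites nor logs the password).

```perl
# Added example: PreClientHook file for Radiator (runs inside radiusd).
# Assumed from the quoted post: DSN dbi:ODBC:RadiusSQL, tables SubAccounts
# and UserInfo, redacted credentials "xx"/"xxx".
use strict;
use DBI;

sub {
    my $request = ${$_[0]};    # PreClientHook receives a reference to the request

    my $mac = $request->get_attr('User-Name');
    # The trace shows RewriteUsername s/-//g has already run, so a wireless
    # client arrives as 12 hex digits. Anything else is left untouched and
    # never reaches the database.
    return unless defined $mac && $mac =~ /\A[0-9A-Fa-f]{12}\z/;

    my $login = eval {
        my $dbh = DBI->connect('dbi:ODBC:RadiusSQL', 'xx', 'xxx',
                               { RaiseError => 1, PrintError => 0 });
        # Placeholder binding: the User-Name value is never part of the SQL text.
        my ($found) = $dbh->selectrow_array(
            'SELECT SA.Login FROM SubAccounts SA, UserInfo UI '
          . 'WHERE UI.Auto = SA.CustomerID AND SA.Shell = ?',
            undef, $mac);
        $dbh->disconnect;
        $found;
    };
    if ($@) {
        &main::log($main::LOG_ERR, "PreClientHook lookup failed: $@");
        return;
    }
    return unless defined $login;    # unknown MAC: leave the request as it is

    # Use changeUserName (Radius/Radius.pm) rather than
    # change_attr('User-Name', ...), as recommended in the reply.
    $request->changeUserName($login);
    &main::log($main::LOG_INFO, "PreClientHook mapped $mac to $login");
    return;
}
```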