(RADIATOR) Assign IP's or Default

Hugh Irvine hugh at open.com.au
Tue Feb 4 18:11:12 CST 2003


Hello William -

Yes I do mean request, which you can reference with:

	$gid = $p->get_attr('Group-Id');

The reason for doing it this way (as described in my previous mail) is 
because you then don't have to bother with any housekeeping as the 
request packet is discarded automatically. You can also do it as you 
show below, but then you have to remove the "Group-Id" attribute from 
the reply packet before returning it to the NAS, otherwise you will get 
an error in your logs.

regards

Hugh


On Wednesday, Feb 5, 2003, at 10:30 Australia/Melbourne, William Taylor wrote:

> Hi Hugh,
>
>  Thanks for the info. I was doing something similar with the
> replaceProfiles hook you were using. I do have a question though.
> Below in the AuthColumnDef you say Group-Id, request
> Are you sure that is supposed to be request and not reply?
> I don't get anything with using "request" when I do a :
>  my $rp = ${$_[1]};
>  $gid = $rp->get_attr('Group-Id');
>
> But if I change it to reply I do.
> Thanks again for the help.
>
> On Tue, 2003-02-04 at 14:57, Hugh Irvine wrote:
>> Hello William -
>>
>> All of what you want to do is fairly straightforward, although dealing
>> with ISDN will probably involve the use of Handlers.
>>
>> Here is what I would do:
>>
>> # define AuthBy clauses
>>
>> <AuthBy SQL>
>> 	Identifier CheckISDN
>> 	.....
>> 	# set up AuthSelect for ISDN only
>> 	AuthSelect .....
>> 	.....
>> 	AddToReply Service-Type = Framed-User, \
>> 		Framed-Protocol = PPP, \
>> 		.....
>> 	.....
>> </AuthBy>
>>
>> <AuthBy SQL>
>> 	Identifier CheckAsync
>> 	.....
>> 	# set up AuthSelect
>> 	AuthSelect select PASSWORD, GID, REPLYATTR \
>> 		from USERS where USERNAME = '%U' \
>> 		and ISACTIVE <> 0
>> 	AuthColumnDef 0, Password, check
>> 	AuthColumnDef 1, Group-Id, request
>> 	AuthColumnDef 2, GENERIC, reply
>> 	.....
>> 	AddToReply Service-Type = Framed-User, \
>> 		Framed-Protocol = PPP, \
>> 		...
>> 	....
>> </AuthBy>
>>
>> # define Handlers
>>
>> <Handler NAS-Port-Type = ISDN>
>> 	AuthBy CheckISDN
>> 	.....
>> </Handler>
>>
>> <Handler>
>> 	AuthBy CheckAsync
>> 	PostAuthHook file:"%D/postprocess.pl"
>> 	.....
>> </Handler>
>>
>>
>> The PostAuthHook would add the extra reply attributes according to the
>> "Group-Id" pseudo-attribute added to the incoming access request by the
>> AuthBy clause (it is easier to add the pseudo-attribute to the incoming
>> request, because the packet is discarded after processing).
>>
>> You will find some example hooks in the file "goodies/hooks.txt" in the
>> Radiator distribution.
>>
>> regards
>>
>> Hugh
>>
>>
>> On Wednesday, Feb 5, 2003, at 06:39 Australia/Melbourne, William Taylor wrote:
>>
>>> Ok guys, I'm trying to finish up my migration off of Livingston radius.
>>> Here is what I would like to do.
>>>
>>>  Currently in radiator I am authing users out of an SQL database.
>>>
>>> Some of my users have Static IP address and Framed routes.
>>>  For these users I had entries in the Users File in Livingston.
>>>
>>> For other users I had different default entries based on what group they
>>> belong to.
>>> Some users can use 1 port or 2 ports.
>>> Some users have different Session Timeouts.
>>>
>>> What I would like to do is:
>>>
>>>   AuthSelect select password,gid,replyattr from users where
>>> username='%U' AND isactive <> 0  ( 0 means locked users in my database )
>>>
>>> now if their replyattr is not NULL in the database send it along. This
>>> would be for the static folks.
>>> Now since I don't want a billion (ok not a billion) entries in my
>>> database that are the same:
>>>
>>> If replyattr is NULL I would like to go
>>>
>>>  if($gid == 200 ) {
>>>   send this replyattr:
>>>     Idle-Timeout = 1220,
>>>     Session-Timeout = 86400,
>>>     Port-Limit = 2
>>>  } elsif ($gid == 201 ) {
>>>    send this other replyattr :
>>>     Idle-Timeout = 1220,
>>>     Session-Timeout = 86400,
>>>     Port-Limit = 1
>>>  } else {
>>>     reject the call because there is no matching gid (maybe it's a
>>> mailbox account)
>>>  }
>>>
>>> Is this doable?
>>> Also do you know if there is a way to say if they connect with an ISDN
>>> line but they are using a dialup username, reject the call or make it so
>>> they only connect at 56K?
>>> Any help would be great.
>>>
>>> Thanks,
>>>   William
>>>
>>>
>>> ===
>>> Archive at http://www.open.com.au/archives/radiator/
>>> Announcements on radiator-announce at open.com.au
>>> To unsubscribe, email 'majordomo at open.com.au' with
>>> 'unsubscribe radiator' in the body of the message.
>>>
>>>

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows 95/98/2000, NT, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
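
Added example (not part of the original mail, and not code from Hugh or the Radiator distribution): a sketch of the postprocess.pl hook the thread describes. It reads the Group-Id pseudo-attribute from the request, fills in group defaults only where the per-user REPLYATTR has not already set them, and rejects any gid that has no profile. The four-argument hook signature, add_attr and $main::ACCEPT/$main::REJECT are assumptions about Radiator's hook interface to check against your version's reference manual; StubPacket and the sample requests are constructed so the script runs without Radiator.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed stand-in for Radiator's packet object, so this runs without Radiator.
package StubPacket;
sub new      { my ($class, %attrs) = @_; return bless {%attrs}, $class }
sub get_attr { return $_[0]{$_[1]} }
sub add_attr { $_[0]{$_[1]} = $_[2]; return }

package main;

# Assumption: Radiator defines these result codes itself; set here only for the demo.
$main::ACCEPT = 0 unless defined $main::ACCEPT;
$main::REJECT = 1 unless defined $main::REJECT;

# Group defaults from William's pseudocode (gid 200 and 201).
my %GROUP_DEFAULTS = (
    200 => { 'Idle-Timeout' => 1220, 'Session-Timeout' => 86400, 'Port-Limit' => 2 },
    201 => { 'Idle-Timeout' => 1220, 'Session-Timeout' => 86400, 'Port-Limit' => 1 },
);

# Body of postprocess.pl. Assumed arguments: references to the request,
# the reply, the result code and the reason string.
my $hook = sub {
    my ($p, $rp, $result, $reason) = (${$_[0]}, ${$_[1]}, $_[2], $_[3]);
    return unless $$result == $main::ACCEPT;    # leave failed auths alone
    my $gid      = $p->get_attr('Group-Id');    # set by AuthColumnDef 1, Group-Id, request
    my $defaults = defined $gid ? $GROUP_DEFAULTS{$gid} : undef;
    if (!$defaults) {                           # fail closed: no profile, no session
        ($$result, $$reason) = ($main::REJECT, 'no dial-in profile for group');
        return;
    }
    for my $name (sort keys %$defaults) {       # per-user REPLYATTR values win
        $rp->add_attr($name, $defaults->{$name}) unless defined $rp->get_attr($name);
    }
    return;
};

# Constructed requests: [gid, attributes already placed in the reply by REPLYATTR]
for my $case ([200, {}], [201, { 'Session-Timeout' => 3600 }], [999, {}]) {
    my $p  = StubPacket->new('Group-Id' => $case->[0]);
    my $rp = StubPacket->new(%{ $case->[1] });
    my ($result, $reason) = ($main::ACCEPT, '');
    $hook->(\$p, \$rp, \$result, \$reason);
    my $out = $result == $main::REJECT ? "REJECT ($reason)"
            : 'ACCEPT ' . join(', ', map { "$_=$rp->{$_}" } sort keys %$rp);
    print "gid $case->[0]: $out\n";
}
```

In Radiator itself only the `sub { ... }` body would go in postprocess.pl; the stub class, the result-code defaults and the driver loop exist only to exercise it here.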
