(RADIATOR) AuthBy External clause problem

Hugh Irvine hugh at open.com.au
Thu Sep 4 00:48:44 CDT 2003


Hello Ganbold -

Please let me know how you go with ResultInOutput.

regards

Hugh


On Thursday, Sep 4, 2003, at 12:10 Australia/Melbourne, Ganbold wrote:

> Hi Hugh,
>
> I added the following lines in AuthEXTERNAL.pm and tested radiator.
> -----------------------------------------------------------------------
> . . . . . .
>     my $exit = $?;
>
>     # added lines
>     # print exit code
>     $self->log($main::LOG_DEBUG, "first Exit: $exit", $p);
>     print "first Exit: $exit\n";
>
>     # This usually sets $?
>     close READER;
>     # Sometimes need to do this too.
>     $exit = $? if waitpid($pid, 0);
>
>     # added lines
>     # print exit code
>     $self->log($main::LOG_DEBUG, "Exit: $exit", $p);
>     print "Exit: $exit\n";
> . . . . . .
> -----------------------------------------------------------------------
>
> The external program returns exit status 0, but radiator somehow
> understands it as 768, which is 3 (768/256), and sends Access-Challenge.
>
> I also tested the external program with the following simple Perl program,
> where test.txt contains access-requests. It also gets the return value as
> 768.
>
> -----------------------------------------------------------------------
> #!/usr/local/bin/perl
>
> $x = system("cat test.txt | calccredittime");
>
> print "return is: $x\n";
> exit 0;
> -----------------------------------------------------------------------
> I wrote a simple C program which gets a command line argument and returns
> that argument as an exit status. The small Perl program gets the result
> of the program as it is supposed to. Very strange.
>
>
> I don't know what I should do. I'll try the ResultInOutput switch in the
> radius config and let's see what happens.
>
> Following is debug:
>
> Code:       Access-Request
> Identifier: 9
> Authentic:  <209><230>]<209><158><179>p<28>G<180><210>*tZ<176>@
> Attributes:
>         User-Name = "44444444"
>         User-Password = "<28>_<171>Tm9<183><211>$~<173>l<151><190>Y!"
>         cisco-h323-conf-id = "h323-conf-id=07D022A7 DDB911D7 8008E236 347AF897"
>         cisco-avpair = "h323-ivr-out=transactionID:8"
>         Calling-Station-Id = "11323224"
>         Called-Station-Id = "0011236"
>         Service-Type = Login-User
>         NAS-IP-Address = xxx.xxx.xxx.xxx
>
> Thu Sep  4 10:50:24 2003: DEBUG: Rewrote user name to 44444444
> Thu Sep  4 10:50:24 2003: DEBUG: Rewrote user name to 44444444
> Thu Sep  4 10:50:24 2003: DEBUG: Rewrote user name to 44444444
> Thu Sep  4 10:50:24 2003: DEBUG: Rewrote user name to 44444444
> Thu Sep  4 10:50:24 2003: DEBUG: Handling request with Handler 'User-Name = /^([0-9])+$/, Called-Station-Id = /^([0-9])+$/'
> Thu Sep  4 10:50:24 2003: DEBUG: Rewrote user name to 44444444
> Thu Sep  4 10:50:24 2003: DEBUG: Running command: d:\Radiator-3.6\hooks\CalcCreditTime
>
> Thu Sep  4 10:50:24 2003: DEBUG: first Exit: 1604
>                                         ^ ^ ^ ^
> Thu Sep  4 10:50:24 2003: DEBUG: Exit: 768
>                                         ^ ^ ^ ^
> Thu Sep  4 10:50:24 2003: DEBUG: Access challenged for 44444444:
> Thu Sep  4 10:50:24 2003: DEBUG: Packet dump:
> *** Sending to xxx.xxx.xxx.xxx port 21645 ....
> Code:       Access-Challenge
> Identifier: 9
> Authentic:  <209><230>]<209><158><179>p<28>G<180><210>*tZ<176>@
> Attributes:
>         cisco-h323-return-code = "h323-return-code=0"
>         cisco-h323-credit-time = "h323-credit-time=2516"
>         Reply-Message = "first 5!"
>
>
>
> At 09:54 PM 9/3/2003 +1000, you wrote:
>
>> Hello Ganbold -
>>
>> It is possible that you may need to use "ResultInOutput" in this
>> environment.
>>
>> Have a look at the code in "Radius/AuthEXTERNAL.pm" and maybe add some
>> print statements so you can see what is happening. And please let us
>> know what you find.
>>
>> regards
>>
>> Hugh
>>
>>
>> On Wednesday, Sep 3, 2003, at 21:11 Australia/Melbourne, Ganbold wrote:
>>
>>> Hi,
>>>
>>> I'm testing Radiator-3.6 in Windows 2000 advanced server.
>>> I'm using the AuthBy External clause in handlers. But when the external
>>> program returns 0 (Access-Accept), radiator understands it as a 3 and
>>> responds with an Access-Challenge response. The external program worked
>>> well in FreeBSD 5.1. It works in FreeBSD as it is supposed to. However,
>>> in Windows the above problem occurs.
>>>
>>> How can I solve this problem? Is it an OS issue, or is there something
>>> else?
>>> I would really appreciate it if somebody could give the right solution.
>>>
>>> thanks in advance,
>>>
>>> Ganbold
>>> Micom CO.,Ltd
>>>
>>>
>>> -----------------------------------------------------------------------
>>> Trace 4 debug:
>>> -----------------------------------------------------------------------
>>>
>>> Code:       Access-Request
>>> Identifier: 149
>>> Authentic:  <157><201><20>5u<249><179><11><8><255><240><236>W<195><253>x
>>> Attributes:
>>>         User-Name = "44444444"
>>>         User-Password = "<159><192><246><10><228><184>Z<200>K<1><253><232><162>^Tv"
>>>         cisco-h323-conf-id = "h323-conf-id=45135D12 DD3911D7 809F812C 9428BE9D"
>>>         cisco-avpair = "h323-ivr-out=transactionID:114"
>>>         Calling-Station-Id = "11323224"
>>>         Called-Station-Id = "0011112365"
>>>         Service-Type = Login-User
>>>         NAS-IP-Address = xxx.xxx.xxx.xxx
>>>
>>> Wed Sep  3 19:36:01 2003: DEBUG: Rewrote user name to 44444444
>>> Wed Sep  3 19:36:01 2003: DEBUG: Rewrote user name to 44444444
>>> Wed Sep  3 19:36:01 2003: DEBUG: Rewrote user name to 44444444
>>> Wed Sep  3 19:36:01 2003: DEBUG: Rewrote user name to 44444444
>>> Wed Sep  3 19:36:01 2003: DEBUG: Handling request with Handler 'User-Name = /^([0-9])+$/, Called-Station-Id = /^([0-9])+$/'
>>> Wed Sep  3 19:36:01 2003: DEBUG: Rewrote user name to 44444444
>>> Wed Sep  3 19:36:01 2003: DEBUG: Running command: d:\Radiator-3.6\hooks\CalcCreditTime
>>> Wed Sep  3 19:36:01 2003: DEBUG: Access challenged for 44444444:
>>> Wed Sep  3 19:36:01 2003: DEBUG: Packet dump:
>>> *** Sending to xxx.xxx.xxx.xxx port 21661 ....
>>> Code:       Access-Challenge
>>> Identifier: 149
>>> Authentic:  <157><201><20>5u<249><179><11><8><255><240><236>W<195><253>x
>>> Attributes:
>>>         cisco-h323-return-code = "h323-return-code=0"
>>>         cisco-h323-credit-time = "h323-credit-time=1276"
>>>         Reply-Message = "first 5!"
>>>
>>>
>>>
>>> -----------------------------------------------------------------------
>>> Below is my config:
>>> -----------------------------------------------------------------------
>>>
>>> #radius.cfg
>>>
>>> Foreground
>>> Trace 4
>>>
>>> AuthPort        1645
>>> AcctPort        1646
>>>
>>> LogDir          d:\Radiator-3.6\log
>>> LogFile         %L/logfile.txt
>>>
>>> DictionaryFile  d:\Radiator-3.6\dictionary
>>>
>>> RewriteUsername s/^\s+//
>>> RewriteUsername s/\s+$//
>>> RewriteUsername s/\s+//g
>>> RewriteUsername tr/[A-Z]/[a-z]/
>>>
>>>
>>> <Client xxx.xxx.xxx.xxx>
>>>         Secret xxx
>>>         NasType Cisco
>>>         SNMPCommunity MN-2008
>>>         StatusServerShowClientDetails
>>> </Client>
>>>
>>>
>>> <AuthBy SQL>
>>>         DBSource        dbi:mysql:voip_prepaid:localhost
>>>         DBUsername      xxx
>>>         DBAuth          xxx
>>>
>>>         Identifier VoipTerminate
>>>
>>>         AuthSelect
>>>
>>>         AccountingTable voip_termination
>>>         AccountingStopsOnly
>>>
>>>         AcctColumnDef   nasipaddress,NAS-IP-Address
>>>         AcctColumnDef   cisco_nas_port,Cisco-NAS-Port
>>>         AcctColumnDef   username,User-Name
>>>
>>>         AcctColumnDef   calledstationid,Called-Station-Id
>>>         AcctColumnDef   callingstationid,Calling-Station-Id
>>>
>>>         AcctColumnDef   h323_gw_id,cisco-h323-gw-id,literal,trim(substring('%{cisco-h323-gw-id}',locate('=','%{cisco-h323-gw-id}')+1))
>>>         AcctColumnDef   h323_call_origin,cisco-h323-call-origin,literal,trim(substring('%{cisco-h323-call-origin}',locate('=','%{cisco-h323-call-origin}')+1))
>>>         AcctColumnDef   h323_call_type,cisco-h323-call-type,literal,trim(substring('%{cisco-h323-call-type}',locate('=','%{cisco-h323-call-type}')+1))
>>>
>>>         AcctColumnDef   h323_setup_time,cisco-h323-setup-time,literal,trim(substring('%{cisco-h323-setup-time}',locate('=','%{cisco-h323-setup-time}')+1))
>>>         AcctColumnDef   h323_connect_time,cisco-h323-connect-time,literal,trim(substring('%{cisco-h323-connect-time}',locate('=','%{cisco-h323-connect-time}')+1))
>>>         AcctColumnDef   h323_disconnect_time,cisco-h323-disconnect-time,literal,trim(substring('%{cisco-h323-disconnect-time}',locate('=','%{cisco-h323-disconnect-time}')+1))
>>>         AcctColumnDef   h323_disconnect_cause,cisco-h323-disconnect-cause,literal,trim(substring('%{cisco-h323-disconnect-cause}',locate('=','%{cisco-h323-disconnect-cause}')+1))
>>>         AcctColumnDef   h323_voice_quality,cisco-h323-voice-quality,literal,trim(substring('%{cisco-h323-voice-quality}',locate('=','%{cisco-h323-voice-quality}')+1))
>>>         AcctColumnDef   h323_remote_address,cisco-h323-remote-address,literal,trim(substring('%{cisco-h323-remote-address}',locate('=','%{cisco-h323-remote-address}')+1))
>>>
>>>         AcctColumnDef   acctstatustype,Acct-Status-Type
>>>         AcctColumnDef   acctdelaytime,Acct-Delay-Time,integer
>>>         AcctColumnDef   acctsessionid,Acct-Session-Id
>>>         AcctColumnDef   acctinputoctets,Acct-Input-Octets,integer
>>>         AcctColumnDef   acctoutputoctets,Acct-Output-Octets,integer
>>>
>>>         AcctColumnDef   acctsessiontime,Acct-Session-Time,integer
>>>         AcctColumnDef   time_stamp,Timestamp,integer
>>> </AuthBy>
>>>
>>> <AuthBy EXTERNAL>
>>>         Identifier PSA
>>>         DecryptPassword
>>>         Command d:\Radiator-3.6\hooks\PSA
>>> </AuthBy>
>>> <AuthBy EXTERNAL>
>>>         Identifier TransBalance
>>>         DecryptPassword
>>>         Command d:\Radiator-3.6\hooks\TransBalance
>>> </AuthBy>
>>> <AuthBy EXTERNAL>
>>>         Identifier CalcCreditTime
>>>         DecryptPassword
>>>         StripFromReply  Reply-Message
>>>         Command d:\Radiator-3.6\hooks\CalcCreditTime
>>> </AuthBy>
>>> <AuthBy EXTERNAL>
>>>         Identifier CalcCreditAmount
>>>         DecryptPassword
>>>         StripFromReply  Reply-Message
>>>         Command d:\Radiator-3.6\hooks\CalcCreditAmount
>>> </AuthBy>
>>>
>>> # 2 termination handler
>>> <Handler Request-Type = Accounting-Request, Acct-Status-Type = Stop, cisco-h323-call-origin = /originate$/, cisco-h323-call-type = /Telephony$/>
>>>         AuthBy VoipTerminate
>>> </Handler>
>>> <Handler Request-Type = Accounting-Request, Acct-Status-Type = Stop, cisco-h323-call-origin = /answer$/, cisco-h323-call-type = /VoIP$/>
>>>         AuthBy VoipTerminate
>>> </Handler>
>>>
>>>
>>> <Handler Request-Type = Accounting-Request, Acct-Status-Type = Start>
>>>         PostAuthHook file:"d:\Radiator-3.6\hooks\AcctResponse"
>>> </Handler>
>>>
>>> <Handler Request-Type = Accounting-Request, Acct-Status-Type = Stop, User-Name = /^([0-9])+$/>
>>>         AuthBy CalcCreditAmount
>>>         PostAuthHook file:"d:\Radiator-3.6\hooks\AcctResponse"
>>> </Handler>
>>>
>>> <Handler Request-Type = Accounting-Request, Acct-Status-Type = Stop, User-Name = /^([0-9])+%([0-9])+$/>
>>>         PostAuthHook file:"d:\Radiator-3.6\hooks\AcctResponse"
>>> </Handler>
>>>
>>> <Handler User-Name = /^([0-9])+%([0-9])+$/>
>>>         RewriteUsername s/^([^@]+).*/$1/
>>>         RejectHasReason
>>>         StripFromReply  Reply-Message
>>>         AccountingHandled
>>>         AuthBy TransBalance
>>> </Handler>
>>>
>>> <Handler User-Name = /^([0-9])+$/, Called-Station-Id = /^([0-9])+$/>
>>>         RewriteUsername s/^([^@]+).*/$1/
>>>         RejectHasReason
>>> #       StripFromReply  Reply-Message
>>>         AccountingHandled
>>>         AuthBy CalcCreditTime
>>> </Handler>
>>>
>>> # skip error
>>> <Handler User-Name = ERROR>
>>> </Handler>
>>> <Handler User-Name = error>
>>> </Handler>
>>>
>>> <Handler User-Name = /^([0-9])+$/>
>>>         RewriteUsername s/^([^@]+).*/$1/
>>>         RejectHasReason
>>>         StripFromReply  Reply-Message
>>>         AccountingHandled
>>>         SessionDatabase SQL1
>>>         AuthBy PSA
>>> </Handler>
>>>
>>>
>>> <SessionDatabase SQL>
>>>         DBSource        dbi:mysql:voip_prepaid:localhost
>>>         DBUsername      xxx
>>>         DBAuth          xxx
>>>
>>>         Identifier SQL1
>>>
>>>         AddQuery
>>>         DeleteQuery
>>>         ClearNasQuery delete from voip_online where NASIDENTIFIER='%N'
>>>         CountQuery
>>> </SessionDatabase>
>>>
>>> ===
>>> Archive at http://www.open.com.au/archives/radiator/
>>> Announcements on radiator-announce at open.com.au
>>> To unsubscribe, email 'majordomo at open.com.au' with
>>> 'unsubscribe radiator' in the body of the message.
>>>
>>
>> NB: have you included a copy of your configuration file (no secrets),
>> together with a trace 4 debug showing what is happening?
>>
>> --
>> Radiator: the most portable, flexible and configurable RADIUS server
>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
>> -
>> Nets: internetwork inventory and management - graphical, extensible,
>> flexible with hardware, software, platform and database independence.
>>
>
>

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
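
The 768 in the trace above is a raw Perl wait status, not an exit code: the child's exit code sits in the high byte, which is how 768 becomes 3 and the request ends in Access-Challenge. The following Perl sketch is an added example, not code from Radiator or from this thread; it decodes `$?` after `close` on the pipe and maps only the two results the thread names (0 and 3), and sending every other status to a reject is this example's own fail-closed assumption.

```perl
#!/usr/bin/perl
# Added example: decode Perl's wait status ($?) from a piped child, fail-closed.
use strict;
use warnings;

# Only the two mappings stated in the thread; everything else is rejected (assumption).
my %RESULT = (0 => 'Access-Accept', 3 => 'Access-Challenge');

# Split a wait status into exit code, terminating signal and core-dump flag.
sub decode_status {
    my ($status) = @_;
    return { failed => 1 } if $status == -1;    # child could not be waited for
    return {
        exit_code => $status >> 8,              # high byte: value passed to exit()
        signal    => $status & 127,             # low 7 bits: signal that killed the child
        core      => ($status & 128) ? 1 : 0,
    };
}

# Run a hook through a pipe and classify the outcome.
sub run_hook {
    my (@cmd) = @_;
    open(my $reader, '-|', @cmd) or return ('Access-Reject', 'cannot start hook');
    my @output = <$reader>;
    close $reader;    # close() on a pipe waits for the child; only now is $? current
    my $st = decode_status($?);
    return ('Access-Reject', 'no wait status') if $st->{failed};
    return ('Access-Reject', "killed by signal $st->{signal}") if $st->{signal};
    my $result = $RESULT{ $st->{exit_code} };
    return ('Access-Reject', "unmapped exit code $st->{exit_code}") unless defined $result;
    return ($result, "exit code $st->{exit_code}");
}

# The value from the trace.
my $d = decode_status(768);
print "768 -> exit_code=$d->{exit_code} signal=$d->{signal}\n";

# Constructed hooks: the running perl itself, exiting with a chosen code.
for my $code (0, 3, 7) {
    my ($result, $why) = run_hook($^X, '-e', "exit $code");
    print "hook exit $code -> $result ($why)\n";
}
```

A value read from `$?` before the pipe is closed belongs to whatever child was reaped earlier, so it should not drive an authentication decision.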
