(RADIATOR) AcctLogFileFormat and multiple cisco-avpairs

Hugh Irvine hugh at open.com.au
Mon Jul 5 17:02:22 CDT 2004


Hello Nicolai -

The standard Radiator code cannot differentiate between multiple 
instances of the same attribute which is why you are seeing this 
behaviour. The simplest approach is to write a hook to parse the list 
of cisco-avpair's and create additional attributes in the request that 
you can then access directly. This topic has been discussed on the 
mailing list and some example hook code was posted too.

regards

Hugh


On 6 Jul 2004, at 06:42, Nicolai van der Smagt wrote:

> Hello,
>
> We are using Radiator for handling TACACS+ requests. I am trying to 
> change the format of command accounting from the default:
>
> Mon Jul  5 16:29:04 2004
>         NAS-IP-Address = 192.168.0.252
>         NAS-Port-Id = "tty1"
>         Calling-Station-Id = "192.168.0.142/<0>"
>         Timestamp = 1089037744
>         NAS-Identifier = "TACACS"
>         User-Name = "nsmagt"
>         cisco-avpair = "task_id=133<0>"
>         cisco-avpair = "service=shell"
>         cisco-avpair = "timezone=UTC"
>         cisco-avpair = "priv-lvl=15<0>"
>         cisco-avpair = "cmd=configure terminal <cr>"
>         Timestamp = 1089037744
>
> To a one-liner something like this:
>
> Jul  5, 2004 16:46 nsmagt at 192.168.0.142 tty2 at 192.168.0.252 task_id=144 
> service=shell timezone=UTC priv-lvl=15 cmd=configure terminal
>
> using AcctLogFileFormat directive. I tried:
>
> AcctLogFileFormat       %B %{User-Name}@%{Calling-Station-Id}\010 
> %{NAS-Port-Id}@%N %{cisco-avpair} %{cisco-avpair} %{cisco-avpair} 
> %{cisco-avpair} %{cisco-avpair}
>
> This results in:
>
> Jul  5, 2004 17:10 nsmagt at 192.168.0.142 tty1 at 192.168.0.252 task_id=151 
> task_id=151 task_id=151 task_id=151 task_id=151
>
> So apparently %cisco-avpair only holds the first cisco-avpair from the 
> accounting request. What variable can I use in
> the AcctLogFileFormat to describe the subsequent cisco-avpairs in the 
> accounting request?
> -- 
> Mvg,
>
> Nicolai van der Smagt	~	  BBned NV.
> Security Officer	~	BBeyond BV.
> PGP ~ http://www.bbned.nl/pgp/security.txt
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
>

NB: have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list