(RADIATOR) MAC address filtering?

Jim Michael JMichael at chesterfield.mo.us
Wed Jan 26 15:33:52 CST 2005


Hi Hugh-

Ok, got the correct config and now Radiator throws the error:

"Unknown keyword PreHandlerHook in /etc/radiator/coc.cfg  line 50"

I cut and pasted your exact config from the email into the appropriate
place in the config, and didn't touch anything else. Apparently my
version of Radiator does not like the PreHandlerHook function? As for
patches, I'm running 3.11 LOCKED, with the November patches. Here's the
exact latest config:

Jim

START CONFIG
AuthPort 1812
AcctPort 1813
Foreground
LogStdout
LogDir		/var/log/radius
DbDir		/etc/radiator
# Use a lower trace level in production systems:
Trace 		3

# You will probably want to add other Clients to suit your site,
# one for each NAS you want to work with
<Client DEFAULT>
	Secret	xxxxxxxx
	DupInterval 0
</Client>

<Handler TunnelledByTTLS=1>
	 AuthByPolicy ContinueWhileAccept
	<AuthBy FILE>
		AuthenticateAttribute Calling-Station-Id
		Filename %D/addresses.mac
	</AuthBy>
	<AuthBy LDAP2>
		Host 		ren.chesterfield.mo.us
		AuthDN		cn=admin,o=coc
		AuthPassword	xxxxxxxxxx
		BaseDN		ou=Users,o=Private
		UsernameAttr 	cn
		ServerChecksPassword
		SearchFilter (&(cn=%1)(cocWLANAllowed=true))
	</AuthBy>

</Handler>

<Handler>
	<AuthBy FILE>
		Filename /etc/radiator/users
		EAPType TTLS
		EAPTLS_CAFile /etc/radiator/certificates/digicert.pem
		EAPTLS_CertificateFile /etc/radiator/certificates/star_chesterfield_mo_us.crt
		EAPTLS_CertificateType PEM
		EAPTLS_PrivateKeyFile /etc/radiator/certificates/digicert.pem
		EAPTLS_PrivateKeyPassword xxxxxxxxxxxxx
		EAPTLS_MaxFragmentSize 1000
		AutoMPPEKeys
		PreHandlerHook sub {${$_[0]}->add_attr('Calling-Station-Id', \
			${$_[0]}->{outerRequest}->get_attr('Calling-Station-Id'))}
	</AuthBy>

</Handler>
END CONFIG

>>> Hugh Irvine <hugh at open.com.au> 1/26/2005 2:55:21 PM >>>

Hello Jim -

We will need to see the configuration file, as the Calling-Station-Id
is not being added to the inner request by the hook.

Have you installed the latest patches?

I agree - it is a simple requirement which is usually simple to  
implement - the problem here is the EAP overlay.

_sigh_

regards

Hugh


