(RADIATOR) PostAuthHook & AuthLog SQL
Hugh Irvine
hugh at open.com.au
Wed Oct 12 17:44:04 CDT 2005
Hello Jason -
Have you configured RejectHasReason in the Realm?
See section 6.17.23 in the Radiator 3.13 reference manual.
There are also a number of example hooks in "goodies/hooks.txt".
regards
Hugh
On 13 Oct 2005, at 04:20, jason at freemotion.bb wrote:
> I have built a post auth hook to check to see if people are logging
> in where they are supposed to be, and it works a treat, but I have
> one problem: when it rejects someone and goes to log an error with
> AuthLog SQL, it does not give a reason; the %1 variable returns a Null.
>
> Here is the hook and a trace.
>
> I hope someone can tell me how to get this to log a reason.
>
> --------- hook code ---------------------------------------------------------
>
> sub {
>     # Added import; harmless if DBI is already loaded
>     use DBI;
>     &main::log($main::LOG_DEBUG, "Entering PostAuthHook");
>
>     my $p = ${$_[0]};        # request packet
>     my $rp = ${$_[1]};       # reply packet
>     my $result = ${$_[2]};   # authentication result so far
>
>     my $porttype = $p->get_attr('NAS-Port-Type');
>     my $uname = $p->get_attr('User-Name');
>
>     &main::log($main::LOG_DEBUG, "PostAuthHook $porttype, $uname");
>
>     my $dbh = DBI->connect(qq[DBI:ODBC:XXXXXXX], 'XXXXX', 'XXXXXXX')
>         or die &main::log($main::LOG_DEBUG, qq[PreAuth cliCheck(): $DBI::errstr\n]);
>
>     # User-Name comes from the request, so bind it as a parameter
>     # instead of interpolating it into the SQL text
>     my $sql = qq[select login, PortTypeAllowed from SubAccounts where login=?];
>
>     my $sth = $dbh->prepare($sql);
>     $sth->execute($uname);
>
>     while (my @r = $sth->fetchrow_array) {
>         if (@r) {
>             my ($u, $r) = @r;
>             &main::log($main::LOG_DEBUG, qq[Checking Port type allowance for $uname]);
>             # Reject an otherwise accepted user on a port type they are not allowed on
>             if (($result == $main::ACCEPT) && ($porttype ne $r)) {
>                 &main::log($main::LOG_DEBUG, qq[Warning: User $uname port type wrong.]);
>                 ${$_[2]} = $main::REJECT;
>                 ${$_[1]}->change_attr('Reply-Message', 'Sorry you are not allowed on that port.');
>             }
>         }
>     }
>
>     $dbh->disconnect;
>     return;
> }
>
>
> -------------- trace -------------------------------
>
> Wed Oct 12 14:04:46 2005: DEBUG: Radius::AuthSQL ACCEPT:
> Wed Oct 12 14:04:46 2005: DEBUG: Entering PostAuthHook
> Wed Oct 12 14:04:46 2005: DEBUG: PostAuthHook Ethernet, jason
> Wed Oct 12 14:04:46 2005: DEBUG: Checking Port type allowance for jason
> Wed Oct 12 14:04:46 2005: DEBUG: Warning: User jason port type wrong.
> Wed Oct 12 14:04:46 2005: INFO: Access rejected for jason:
> Wed Oct 12 14:04:46 2005: DEBUG: do query is: 'INSERT into RadLogs (RadLogMsgID, LogDate,Username,Data,NASIdentifier,NASport,CallerID) values (NULL,GETDATE(),'jason','','xxx.xxx.xxx.50','179','00:0D:60:7A:0C:FE')':
>
> Wed Oct 12 14:04:46 2005: DEBUG: Packet dump:
> *** Sending to 200.50.75.50 port 1032 ....
> Code: Access-Reject
> Identifier: 71
> Authentic: ZgA):<194>N<210><220><149>H<171><217><241><127><138>
> Attributes:
>     MS-CHAP2-Success = "<1>S=B7207EDDAD07494EFB69F35F7FE7074498A0BDA8"
>     Session-Timeout = 887640
>     Service-Type = 2
>     Framed-Protocol = 1
>     Framed-Compression = 1
>     Reply-Message = "Sorry you are not allowed on that port."
>
> ----------------------------------------------------------------
> This message was sent using IMP, the Internet Messaging Program.
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>
NB:
Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?
--
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.