(RADIATOR) PostAuthHook & AuthLog SQL

jason at freemotion.bb jason at freemotion.bb
Wed Oct 12 18:53:35 CDT 2005 

Yes RejectHasReason has been defind.
and every other problem, ie bad password, Expireation passed etc

can you think of anything else...

Jason

Quoting Hugh Irvine <hugh at open.com.au>:

>
> Hello Jason -
>
> Have you configured RejectHasReason in the Realm?
>
> See section 6.17.23 in the Radiator 3.13 reference manual.
>
> There are also a number of example hooks in "goodies/hooks.txt".
>
> regards
>
> Hugh
>
>
> On 13 Oct 2005, at 04:20, jason at freemotion.bb wrote:
>
>> i have built a post auth hook to check to see if people are logging  
>> into where
>> they are suppose to be and it works a treet but i have one problem,  when it
>> rejects some one and gose to log an error with AuthLog SQL it dos  
>> not give a
>> reason the %1 veriable returns a Null.
>>
>> here is the hook and a trace
>>
>> i hope some one can tell me how to get this to log a reason..
>>
>> --------- hook  
>> code---------------------------------------------------------
>>
>> sub {
>>     &main::log($main::LOG_DEBUG, "Entering PostAuthHook");
>>
>>     my $p = ${$_[0]};
>>     my $rp = ${$_[1]};
>>     my $result = ${$_[2]};
>>
>>     my $porttype = $p->get_attr('NAS-Port-Type');
>>     my $uname = $p->get_attr('User-Name');
>>
>>     &main::log($main::LOG_DEBUG, "PostAuthHook$porttype, $uname");
>>
>>     my $dbh = DBI->connect( qq[DBI:ODBC:XXXXXXX],'XXXXX','XXXXXXX' )
>>     or die &main::log($main::LOG_DEBUG,qq[PreAuth cliCheck():  
>> $DBI::errstr\n]);
>>
>>     my $sql = qq[select login, PortTypeAllowed from SubAccounts where
>> login=\'$uname'];
>>
>>     my $sth = $dbh->prepare($sql); $sth->execute;
>>
>>     while (my @r = $sth->fetchrow_array) {
>>     if (@r) {
>>                my ($u, $r) = @r;
>>                &main::log($main::LOG_DEBUG,qq[Checking Port type  
>> allowance for
>> $uname]);
>>                if (($result == $main::ACCEPT) && ($porttype ne $r))
>>         {
>>         &main::log($main::LOG_DEBUG,qq[Warning: User $uname port  
>> type wrong.]);
>>         ${$_[2]} = $main::REJECT;
>>         ${$_[1]}->change_attr('Reply-Message' , 'Sorry you are not  
>> allowed on that
>> port.')
>>
>>         }
>>             }
>>      }
>>
>>    $dbh->disconnect;
>>    return;
>> }
>>
>>
>> -------------- trace -------------------------------
>>
>> Wed Oct 12 14:04:46 2005: DEBUG: Radius::AuthSQL ACCEPT:
>> Wed Oct 12 14:04:46 2005: DEBUG: Entering PostAuthHook
>> Wed Oct 12 14:04:46 2005: DEBUG: PostAuthHook Ethernet, jason
>> Wed Oct 12 14:04:46 2005: DEBUG: Checking Port type allowance for  jason
>> Wed Oct 12 14:04:46 2005: DEBUG: Warning: User jason port type wrong.
>> Wed Oct 12 14:04:46 2005: INFO: Access rejected for jason:
>> Wed Oct 12 14:04:46 2005: DEBUG: do query is: 'INSERT into RadLogs  
>> (RadLogMsgID,
>> LogDate,Username,Data,NASIdentifier,NASport,CallerID) values  
>> (NULL,GETDATE(),'ja
>> son','','xxx.xxx.xxx.50','179','00:0D:60:7A:0C:FE')':
>>
>> Wed Oct 12 14:04:46 2005: DEBUG: Packet dump:
>> *** Sending to 200.50.75.50 port 1032 ....
>> Code:       Access-Reject
>> Identifier: 71
>> Authentic:  ZgA):<194>N<210><220><149>H<171><217><241><127><138>
>> Attributes:
>>         MS-CHAP2-Success =  "<1>S=B7207EDDAD07494EFB69F35F7FE7074498A0BDA8"
>>         Session-Timeout = 887640
>>         Service-Type = 2
>>         Framed-Protocol = 1
>>         Framed-Compression = 1
>>         Reply-Message = "Sorry you are not allowed on that port."
>>
>> ----------------------------------------------------------------
>> This message was sent using IMP, the Internet Messaging Program.
>>
>> --
>> Archive at http://www.open.com.au/archives/radiator/
>> Announcements on radiator-announce at open.com.au
>> To unsubscribe, email 'majordomo at open.com.au' with
>> 'unsubscribe radiator' in the body of the message.
>>
>
>
> NB:
>
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive (www.open.com.au/archives/ 
> radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
>
> -- 
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> -
> Nets: internetwork inventory and management - graphical, extensible,
> flexible with hardware, software, platform and database independence.
> -
> CATool: Private Certificate Authority for Unix and Unix-like systems.
>
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.
>



----------------------------------------------------------------
This message was sent using IMP, the Internet Messaging Program.


--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

More information about the radiator mailing list