(RADIATOR) PostAuthHook & AuthLog SQL
Hugh Irvine
hugh at open.com.au
Wed Oct 12 19:11:10 CDT 2005
Hello Jason -
You should return the reason string in the fourth parameter.
Here is an example from "goodies/hooks.txt".
This is an example PostAuthHook showing how to cause a REJECT.
Note the definition of $handled and $reason.
Also note the use of $$handled and $$reason.
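sub
{
    my $p = ${$_[0]};       # request packet
    my $rp = ${$_[1]};      # reply packet
    my $handled = $_[2];    # reference to the result code
    my $reason = $_[3];     # reference to the reason string

    my $code = $p->code;
    return unless $code eq 'Access-Request';

    my $timeout = $rp->get_attr('Session-Timeout');
    if($timeout <= 0)
    {
        # Assign through the references so the caller sees the new values
        $$handled = $main::REJECT;
        $$reason = 'No time remaining';
    }
}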
regards
Hugh
On 13 Oct 2005, at 09:53, jason at freemotion.bb wrote:
> Yes, RejectHasReason has been defined.
> and every other problem, i.e. bad password, Expiration passed etc
>
> can you think of anything else...
>
> Jason
>
> Quoting Hugh Irvine <hugh at open.com.au>:
>
>
>>
>> Hello Jason -
>>
>> Have you configured RejectHasReason in the Realm?
>>
>> See section 6.17.23 in the Radiator 3.13 reference manual.
>>
>> There are also a number of example hooks in "goodies/hooks.txt".
>>
>> regards
>>
>> Hugh
>>
>>
>> On 13 Oct 2005, at 04:20, jason at freemotion.bb wrote:
>>
>>
>>> i have built a post auth hook to check to see if people are
>>> logging into where they are supposed to be and it works a treat
>>> but i have one problem, when it rejects someone and goes to log
>>> an error with AuthLog SQL it does not give a reason, the %1
>>> variable returns a Null.
>>>
>>> here is the hook and a trace
>>>
>>> i hope someone can tell me how to get this to log a reason..
>>>
>>> --------- hook code ---------------------------------------------
>>>
>>> sub {
>>>     &main::log($main::LOG_DEBUG, "Entering PostAuthHook");
>>>
>>>     my $p = ${$_[0]};
>>>     my $rp = ${$_[1]};
>>>     my $result = ${$_[2]};
>>>
>>>     my $porttype = $p->get_attr('NAS-Port-Type');
>>>     my $uname = $p->get_attr('User-Name');
>>>
>>>     &main::log($main::LOG_DEBUG, "PostAuthHook $porttype, $uname");
>>>
>>>     my $dbh = DBI->connect( qq[DBI:ODBC:XXXXXXX],'XXXXX','XXXXXXX' )
>>>         or die &main::log($main::LOG_DEBUG,qq[PreAuth cliCheck(): $DBI::errstr\n]);
>>>
>>>     # User-Name comes from the client, so bind it as a parameter
>>>     # instead of interpolating it into the statement
>>>     my $sql = qq[select login, PortTypeAllowed from SubAccounts where login=?];
>>>
>>>     my $sth = $dbh->prepare($sql); $sth->execute($uname);
>>>
>>>     while (my @r = $sth->fetchrow_array) {
>>>         if (@r) {
>>>             my ($u, $r) = @r;
>>>             &main::log($main::LOG_DEBUG,qq[Checking Port type allowance for $uname]);
>>>             if (($result == $main::ACCEPT) && ($porttype ne $r))
>>>             {
>>>                 &main::log($main::LOG_DEBUG,qq[Warning: User $uname port type wrong.]);
>>>                 ${$_[2]} = $main::REJECT;
>>>                 ${$_[1]}->change_attr('Reply-Message' , 'Sorry you are not allowed on that port.');
>>>             }
>>>         }
>>>     }
>>>
>>>     $dbh->disconnect;
>>>     return;
>>> }
>>>
>>>
>>> -------------- trace -------------------------------
>>>
>>> Wed Oct 12 14:04:46 2005: DEBUG: Radius::AuthSQL ACCEPT:
>>> Wed Oct 12 14:04:46 2005: DEBUG: Entering PostAuthHook
>>> Wed Oct 12 14:04:46 2005: DEBUG: PostAuthHook Ethernet, jason
>>> Wed Oct 12 14:04:46 2005: DEBUG: Checking Port type allowance for jason
>>> Wed Oct 12 14:04:46 2005: DEBUG: Warning: User jason port type wrong.
>>> Wed Oct 12 14:04:46 2005: INFO: Access rejected for jason:
>>> Wed Oct 12 14:04:46 2005: DEBUG: do query is: 'INSERT into RadLogs (RadLogMsgID, LogDate,Username,Data,NASIdentifier,NASport,CallerID) values (NULL,GETDATE(),'jason','','xxx.xxx.xxx.50','179','00:0D:60:7A:0C:FE')':
>>>
>>> Wed Oct 12 14:04:46 2005: DEBUG: Packet dump:
>>> *** Sending to 200.50.75.50 port 1032 ....
>>> Code: Access-Reject
>>> Identifier: 71
>>> Authentic: ZgA):<194>N<210><220><149>H<171><217><241><127><138>
>>> Attributes:
>>> MS-CHAP2-Success = "<1>S=B7207EDDAD07494EFB69F35F7FE7074498A0BDA8"
>>> Session-Timeout = 887640
>>> Service-Type = 2
>>> Framed-Protocol = 1
>>> Framed-Compression = 1
>>> Reply-Message = "Sorry you are not allowed on that port."
>>>
>>> ----------------------------------------------------------------
>>> This message was sent using IMP, the Internet Messaging Program.
>>>
>>> --
>>> Archive at http://www.open.com.au/archives/radiator/
>>> Announcements on radiator-announce at open.com.au
>>> To unsubscribe, email 'majordomo at open.com.au' with
>>> 'unsubscribe radiator' in the body of the message.
>>>
>>>
>>
>>
>> NB:
>>
>> Have you read the reference manual ("doc/ref.html")?
>> Have you searched the mailing list archive
>> (www.open.com.au/archives/radiator)?
>> Have you had a quick look on Google (www.google.com)?
>> Have you included a copy of your configuration file (no secrets),
>> together with a trace 4 debug showing what is happening?
>>
>> --
>> Radiator: the most portable, flexible and configurable RADIUS server
>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
>> -
>> Nets: internetwork inventory and management - graphical, extensible,
>> flexible with hardware, software, platform and database independence.
>> -
>> CATool: Private Certificate Authority for Unix and Unix-like systems.