(RADIATOR) Accessing radiator internals from a postauthhook?

Jeff Wolfe wolfe at ems.psu.edu
Thu Jan 19 13:41:55 CST 2006



I'm trying to work around a deficiency in the implementation of RADIUS 
on some of our network hardware. In particular, several vendors' 
switches do 802.1x just fine, but do not produce any useful information 
in RADIUS accounting messages.

To work around this problem, I would like to have a postauthhook log 
certain information from an .1x access-request operation, but only for 
certain NASes. Since <ClientListSQL> already imports enough information 
for my code to discriminate between NASes, I would like to access that 
information instead of going out and hitting the SQL db for each 
authentication operation.

So the logic would go:

Postauthhook:

	Look up NAS
	
	if  br0ken
		 do additional logging
       	else
		ignore.


Unfortunately, the current TTLS eap_anon_hook isn't enough.. These 
particular NASes either don't do RADIUS accounting, or only log useful 
information like the EAP outer identity and  start time, so there's 
nothing unique to tie the info in the access request with the accounting 
packets.

Actually, is there a description of the request object anywhere, too? :)
Once I get this stuff sorted out, I need to pull the relevant bits out 
of the request packet.

I've been over the manual once, but nothing jumped out at me.

Thanks.

-JEff

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list