(RADIATOR) Accessing radiator internals from a postauthhook?

Alexander Sharaz A.Sharaz at hull.ac.uk
Thu Jan 19 16:09:42 CST 2006


You wouldn't happen to be talking about foundry equipment by any chance.
:-))
I've been shouting at them about the fact that they do NO dot1X radius
accounting at all at the moment.
In theory they're going to implement it on the fastiron chassis ... but
I haven't got anything in writing yet.

Guess I'd like to say yes anything that could generate some form of
accounting records for foundry kit would be great, we've got a lot of
client ports out there plugged into foundry kit
Alex


-----Original Message-----
From: owner-radiator at open.com.au [mailto:owner-radiator at open.com.au] On
Behalf Of Jeff Wolfe
Sent: 19 January 2006 19:42
To: radiator at open.com.au
Subject: (RADIATOR) Accessing radiator internals from a postauthhook?



I'm trying to work around a deficiency in the implementation of RADIUS 
on some of our network hardware. In particular, several vendors' 
switches do 802.1x just fine, but do not produce any useful information 
in RADIUS accounting messages.

To work around this problem, I would like to have a postauthhook log 
certain information from an .1x access-request operation, but only for 
certain NASes. Since <ClientListSQL> already imports enough information 
for my code to discriminate between NASes, I would like to access that 
information instead of going out and hitting the SQL db for each 
authentication operation.

So the logic would go:

Postauthhook:

	Look up NAS
	
	if  br0ken
		 do additional logging
       	else
		ignore.


Unfortunately, the current TTLS eap_anon_hook isn't enough.. These 
particular NASes either don't do RADIUS accounting, or only log useful 
information like the EAP outer identity and  start time, so there's 
nothing unique to tie the info in the access request with the accounting

packets.

Actually, is there a description of the request object anywhere, too? :)
Once I get this stuff sorted out, I need to pull the relevant bits out 
of the request packet.

I've been over the manual once, but nothing jumped out at me.

Thanks.

-JEff

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.

--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list