(RADIATOR) Proxy hook or something

Hugh Irvine hugh at open.com.au
Tue Jun 20 01:40:37 CDT 2006


Hello Toomas -

I tend to agree with you, and I would use an AuthBy INTERNAL as  
described in my previous mail to you.

See section 5.48 in the Radiator 3.15 reference manual ("doc/ref.html").

regards

Hugh


On 20 Jun 2006, at 16:17, Toomas Kärner wrote:

> Hello Frank,
>
> You understood my problem correctly.
> Is this the best available solution? I wouldn't like to use hooks to
> call AuthBys because the system is complicated enough and if I start
> doing this I will loose any hope that some one else can manage it in
> the future.
> I guess I'll rearrange some processing in the previous proxy stage and
> packet modification to accommodate this foreign "class" versus my own
> "class" attribute replacement.
> But any additional ideas probably could give me something useful
> although I have pretty much figured out how and what to do ...
>
> Rgds.
> Toomas
>
>
> Tuesday, June 20, 2006, 3:08:33 AM, you wrote:
>
>> Hi Toomas-
>
>> If I understand you correctly you have a handler with some number of
>> AuthBy's and an AuthBy RADIUS at the end. You want to do some packet
>> processing after the second to last AuthBy and before the AuthBy  
>> RADIUS.
>
>> So how about taking the AuthBy RADIUS out of the handler and  
>> calling it from
>> a PostAuth Hook?
>
>> Something like this should work to get you started. I've borrowed  
>> liberally
>> from the examples provided in the goodies and not tested it myself.
>
>> <AuthBy RADIUS>
>>         Identifier proxytoremote
>>         Host .....
>>         Secret .....
>> </AuthBy>
>
>> <Handler>
>>         <AuthBy Something>
>>         </AuthBy>
>>         <AuthBy Something Else>
>>         </AuthBy>
>>         PostAuthHook file:"%D/preproxy"
>> </Handler>
>
>> preproxy-
>
>> sub {
>
>>     my $p = ${$_[0]};
>>     my $rp = ${$_[1]};
>>     my $rc = ${$_[2]};
>>     my $reason = ${$_[3]};
>>     my $authby;
>>     my $identifier='proxytoremote';
>
>>     #some custom packet processing here
>
>>     if ($authby = Radius::AuthGeneric::find($identifier))
>>     {
>>         &main::log($main::LOG_DEBUG, "Found AuthBy with Identifier
>> $identifier");
>>         ($rc, $reason) = $authby->handle_request($p, $rp);
>>       $rp->set_code($rc);
>>     }
>>     else
>>     {
>>         &main::log($main::LOG_ERR, "No AuthBy with Identifier  
>> $identifier");
>
>>         $rp->set_code('Access-Reject');
>>     }
>>     return;
>> }
>
>> Frank Danielson
>> Infrastructure Architect
>
>> ClearSky Mobile Media
>> 56 E. Pine St.
>> Orlando, FL 32801
>> USA
>
>> fdanielson at csky.com
>
>> -----Original Message-----
>> From: Toomas Kärner [mailto:tomkar at estpak.ee]
>> Sent: Monday, June 19, 2006 9:25 AM
>> To: radiator at open.com.au
>> Subject: (RADIATOR) Proxy hook or something
>
>
>> Forgot to change the subject.
>> Sorry.
>
>> Monday, June 19, 2006, 3:08:53 PM, you wrote:
>
>>> Hello All/Hugh,
>
>>> In order to get some funky remote provider class attribute  
>>> caching to
>>> work I need to run a hook after everything is done with AuthBy's and
>>> just before sending the Accounting request to remote partner.
>>> ReplyHook and NoReplyHook are no good since they are triggered by
>>> incoming packet or by timeout. I would need something like
>>> PostAuthHook in the outbound direction of Acct proxy.
>>> Any ideas?
>>> One is just to put another proxy in between that does all needed in
>>> the "pre" phase of processing....
>
>>> Rgds.
>>> Toomas
>
>>> --
>>> Archive at http://www.open.com.au/archives/radiator/
>>> Announcements on radiator-announce at open.com.au
>>> To unsubscribe, email 'majordomo at open.com.au' with
>>> 'unsubscribe radiator' in the body of the message.
>
>
>> --
>> Archive at http://www.open.com.au/archives/radiator/
>> Announcements on radiator-announce at open.com.au
>> To unsubscribe, email 'majordomo at open.com.au' with
>> 'unsubscribe radiator' in the body of the message.
>
>
>
>
> --
> Archive at http://www.open.com.au/archives/radiator/
> Announcements on radiator-announce at open.com.au
> To unsubscribe, email 'majordomo at open.com.au' with
> 'unsubscribe radiator' in the body of the message.


NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/ 
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.



--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list