(RADIATOR) getting proxy details

Hugh Irvine hugh at open.com.au
Sun May 28 16:24:55 CDT 2006


Hello Gareth -

You will usually find the address of the originiating NAS in the NAS- 
IP-Address attribute in the request.

Have a look at a trace 4 debug to see what attributes are present in  
the radius requests that you are receiving.

If the requests are being proxied, you will need to have a Client  
clause for the proxy in your configuration file and you can do  
something like this:


<Client 1.1.1.1>
	Identifier ProxyA
	.....
</Client>


Then your hook can use something like this:

	my $clientid = $p->{Client}->{Identifier}

See the example hooks in "goodies/hooks.txt".

regards

Hugh


On 28 May 2006, at 21:42, Gareth Hopkins wrote:

> On Sat, 27 May 2006, Hugh Irvine wrote:
>
> HI>
> HI>Hello Gareth -
> HI>
> HI>I'm sorry but I don't understand the question - could you give  
> me a bit more
> HI>detail please?
>
> Hi Hugh,
>
> The way we do authentication is based on nasip addresses where  
> different nas's
> support different services. So we rewrite username to  
> username:service and if
> the request comes from a nas that provides that service, the user gets
> authenticated.
>
> Example:
> --------
> NAS 10.1.0.1 - service A
> NAS 10.1.0.2 - service B
>
> username:servicea gets authenticated against requests from 10.1.0.1
> username:serviceb gets authenticated against requests from 10.1.0.2
>
> We get a number of requests from nas's that we do not administer  
> whose requests
> are proxied to us so unless we know the IP address of the NAS we  
> are unable to
> authenticate based on the above authentication model. What I am  
> wanting to do
> is view the proxy address for requests that are proxied to us in  
> the same way
> we view the nas IP address using getNasId.
>
> So is there anyway to do the above with something like getProxyId ?
>
> Thanks :)
>
> HI>On 27 May 2006, at 03:18, Gareth Hopkins wrote:
> HI>
> HI>>
> HI>> Howdie,
> HI>>
> HI>> 	I am currently using a preauth hook to rewrite usernames based
> HI>> on nas IP addresses. So user foo from nas 1 becomes foo1 and  
> user bar
> HI>> from nas 2 becomes bar2. Am using the getNasId hook and this  
> works
> HI>> perfectly.
> HI>>
> HI>> <snip>
> HI>>
> HI>> $nas_id = ${$_[0]}->getNasId();
> HI>>
> HI>> </snip>
> HI>>
> HI>> 	Is there anyway to extract a proxy servers IP from requests that
> HI>> are proxied to do something similar where user foo from nasx  
> and proxy1
> HI>> becomes foo1 ?
> HI>>
> HI>> Thanks
> HI>>
> HI>> ---
> HI>> Gareth Hopkins
> HI>> Verizon Business
> HI>> System Operations
> HI>>
> HI>> Telephone + 27 21 658 8519
> HI>> Mobile +27 82 929 6668
> HI>> Fax +27 21 658 8552
> HI>>
> HI>> UUNET SA is now operating as Verizon Business.
> HI>>
> HI>> Verizon Business is a brand of Verizon South Africa (Pty) Ltd.  
> This e-mail
> HI>> is strictly confidential and intended only for
> HI>> use by the addressee unless otherwise indicated.
> HI>>
> HI>> --
> HI>> Archive at http://www.open.com.au/archives/radiator/
> HI>> Announcements on radiator-announce at open.com.au
> HI>> To unsubscribe, email 'majordomo at open.com.au' with
> HI>> 'unsubscribe radiator' in the body of the message.
> HI>
> HI>
> HI>NB:
> HI>
> HI>Have you read the reference manual ("doc/ref.html")?
> HI>Have you searched the mailing list archive (www.open.com.au/ 
> archives/
> HI>radiator)?
> HI>Have you had a quick look on Google (www.google.com)?
> HI>Have you included a copy of your configuration file (no secrets),
> HI>together with a trace 4 debug showing what is happening?
> HI>
> HI>--
> HI>Radiator: the most portable, flexible and configurable RADIUS  
> server
> HI>anywhere. Available on *NIX, *BSD, Windows, MacOS X.
> HI>-
> HI>Nets: internetwork inventory and management - graphical,  
> extensible,
> HI>flexible with hardware, software, platform and database  
> independence.
> HI>-
> HI>CATool: Private Certificate Authority for Unix and Unix-like  
> systems.
> HI>
> HI>
>
> ---
> Gareth Hopkins
> Verizon Business
> System Operations
>
> Telephone + 27 21 658 8519
> Mobile +27 82 929 6668
> Fax +27 21 658 8552
>
> UUNET SA is now operating as Verizon Business.
>
> Verizon Business is a brand of Verizon South Africa (Pty) Ltd. This  
> e-mail is strictly confidential and intended only for
> use by the addressee unless otherwise indicated.


NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/ 
radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.


--
Archive at http://www.open.com.au/archives/radiator/
Announcements on radiator-announce at open.com.au
To unsubscribe, email 'majordomo at open.com.au' with
'unsubscribe radiator' in the body of the message.


More information about the radiator mailing list