(RADIATOR) user profiles

Jorge Bras jorge.bras at gmail.com
Wed Oct 4 05:42:58 CDT 2006


Hi there,

I would like to add some check items to my users' profiles.

From what I have read, I need to add the Profile to the Request, but I don't know
how to do it.
I have tried with AddToRequest, but it didn't work.

After digging around in the mailing list archives, the best I could find was
this mail,
http://www.open.com.au/archives/radiator/2006-01/msg00006.html .

Here's my radius.cfg:

<AuthBy FILE>
    Identifier Check_VPN_Users
    RejectEmptyPassword
    Filename %D/vpn-users
</AuthBy>

<AuthBy FILE>
    Identifier Check_VPN_Profiles
    Filename %D/vpn-profiles
</AuthBy>

<Handler Realm="vpn.test">
    UsernameCharset a-zA-Z0-9\.-_@
    RewriteUsername   tr/A-Z/a-z/
    RewriteUsername   s/^([^@]+)\@vpn.test/$1/

    # Authentication
    AuthByPolicy ContinueWhileAccept
    AuthBy Check_VPN_Users
    AuthBy Check_VPN_Profiles

    # Authentication Log
    AuthLog DefaultAuthLog
    AuthLog SQLAuthLog

    # Log accounting to a detail file
    AcctLogFileName %L/detail
</Handler>

vpn-users file:
test      User-Password = "{crypt}tEfWdlRzfeGzQ"
                Expiration = "2006-12-30 23:30:00"
                Profile = "guest"

vpn-profiles file:
DEFAULT Profile=consultor, Time = "MoTuWeThFr0900-1700"
                Session-Timeout = 900,
                Idle-Timeout = 300

Log:

Wed Oct  4 11:27:11 2006: DEBUG: Packet dump:
*** Received from X.X.X.X port 1025 ....
Code:       Access-Request
Identifier: 153
Authentic:  1<22><151><132>m<162>3<240>i<238><143><28>%<250><171><8>
Attributes:
        User-Name = "test at vpn.test"
        User-Password =
<152>g<193><209><239><247><195>C/|<173>~/<172><209><157>
        NAS-Port = 28
        Service-Type = Framed-User
        Framed-Protocol = PPP
        Called-Station-Id = "Y.Y.Y.Y"
        Calling-Station-Id = "Z.Z.Z.Z"
        Tunnel-Client-Endpoint = Z.Z.Z.Z
        NAS-IP-Address = X.X.X.X
        NAS-Port-Type = Virtual
        cisco-avpair = "ip:source-ip=Z.Z.Z.Z"

Wed Oct  4 11:27:11 2006: DEBUG: Handling request with Handler
'Service-Type=Framed-User,Called-Station-Id="Y.Y.Y.Y"'
Wed Oct  4 11:27:11 2006: DEBUG: Rewrote user name to test at vpn.test
Wed Oct  4 11:27:11 2006: DEBUG: Rewrote user name to test
Wed Oct  4 11:27:11 2006: DEBUG:  Deleting session for test at vpn.test,
X.X.X.X, 28
Wed Oct  4 11:27:11 2006: DEBUG: do query is: 'delete from RADONLINE where
USERNAME='test' and NASIDENTIFIER='X.X.X.X' and NASPORT=028':
Wed Oct  4 11:27:11 2006: DEBUG: Handling with Radius::AuthFILE:
Check_VPN_Users
Wed Oct  4 11:27:11 2006: DEBUG: Radius::AuthFILE looks for match with test
[test at vpn.test]
Wed Oct  4 11:27:11 2006: DEBUG: Radius::AuthFILE ACCEPT: : test [
test at vpn.test]
Wed Oct  4 11:27:11 2006: DEBUG: AuthBy FILE result: ACCEPT,
Wed Oct  4 11:27:11 2006: DEBUG: Handling with Radius::AuthFILE:
Check_VPN_Profiles
Wed Oct  4 11:27:11 2006: DEBUG: Radius::AuthFILE looks for match with test
[test at vpn.test]
Wed Oct  4 11:27:11 2006: DEBUG: Radius::AuthFILE REJECT: No such user: test
[test at vpn.test]
Wed Oct  4 11:27:11 2006: DEBUG: Radius::AuthFILE looks for match with
DEFAULT [test at vpn.test]
Wed Oct  4 11:27:11 2006: DEBUG: Radius::AuthFILE REJECT: Check item Profile
expression 'guest' does not match '' in request: DEFAULT [test at vpn.test]
Wed Oct  4 11:27:11 2006: DEBUG: AuthBy FILE result: REJECT, Check item
Profile expression 'guest' does not match '' in request
Wed Oct  4 11:27:11 2006: INFO: Access rejected for u001: Check item Profile
expression 'guest' does not match '' in request
Wed Oct  4 11:27:11 2006: DEBUG: do query is: 'insert into RADAUTHLOG
(TIME_STAMP, USERNAME, TYPE, REASON) values (1159957631, 'test', 0, 'Check
item Profile expression \'guest\' does not match \'\' in request')':
Wed Oct  4 11:27:11 2006: WARNING: Invalid reply item Expiration ignored
Wed Oct  4 11:27:11 2006: WARNING: No such attribute Profile
Wed Oct  4 11:27:11 2006: DEBUG: Packet dump:
*** Sending to 192.168.0.1 port 1025 ....
Code:       Access-Reject
Identifier: 153
Authentic:  1<22><151><132>m<162>3<240>i<238><143><28>%<250><171><8>
Attributes:
        Expiration = "2006-12-30 23:30:00"
        Profile = guest
        Reply-Message = "Request Denied"


Thanks.

-- 
./bras
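
Added example, not part of the original post: a small Python parser for the users-file layout shown above, assuming the usual convention that an entry's first line holds check items and its indented continuation lines hold reply items. It shows where each item of the two quoted files lands, which lines up with the "Invalid reply item Expiration" warning and the Profile attribute in the Access-Reject in the log. The file contents and request attributes are constructed copies of those in the post, and the function names are hypothetical.

```python
import re

# Constructed copies of the two users files quoted in the post.
VPN_USERS = '''test      User-Password = "{crypt}tEfWdlRzfeGzQ"
                Expiration = "2006-12-30 23:30:00"
                Profile = "guest"
'''
VPN_PROFILES = '''DEFAULT Profile=consultor, Time = "MoTuWeThFr0900-1700"
                Session-Timeout = 900,
                Idle-Timeout = 300
'''
# Constructed from the Access-Request dump: note there is no Profile attribute.
REQUEST = {'User-Name': 'test', 'NAS-Port': '28', 'Service-Type': 'Framed-User'}

# One "attribute = value" item; the value is a quoted string or a bare token.
ITEM = re.compile(r'\s*([\w-]+)\s*=\s*("(?:[^"\\]|\\.)*"|[^,\s]+)\s*,?')

def parse_items(text):
    """Return [(attribute, value)] with surrounding quotes stripped."""
    return [(name, value.strip('"')) for name, value in ITEM.findall(text)]

def parse_users_file(text):
    """Split entries into check items (first line) and reply items (indented lines)."""
    entries = []
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith('#'):
            continue
        if line[0].isspace():
            if entries:                      # continuation line: reply items
                entries[-1]['reply'] += parse_items(line)
        else:                                # new entry: user name, then check items
            head = line.split(None, 1)
            items = parse_items(head[1] if len(head) > 1 else '')
            entries.append({'name': head[0], 'check': items, 'reply': []})
    return entries

def unmet_attribute_checks(entry, request, attrs=('Profile',)):
    """Return (attribute, wanted, found) for listed check items the request fails."""
    return [(a, want, request.get(a, '')) for a, want in entry['check']
            if a in attrs and request.get(a, '') != want]

if __name__ == '__main__':
    for label, text in (('vpn-users', VPN_USERS), ('vpn-profiles', VPN_PROFILES)):
        for e in parse_users_file(text):
            print(label, e['name'], 'check:', e['check'], 'reply:', e['reply'])
            print('  unmet:', unmet_attribute_checks(e, REQUEST))
```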