(RADIATOR) user profiles

Hugh Irvine hugh at open.com.au
Wed Oct 4 20:35:27 CDT 2006


Hello Jorge -

I am not quite clear on what you are wanting to do, but in what you  
show below you are adding an attribute called "Profile" to the reply  
in your first AuthBy FILE, but you are checking for the "Profile"  
attribute in the request (not the reply) in your second AuthBy FILE.

If you can give me more detail on your requirements I will try to  
make some suggestions.

regards

Hugh


On 4 Oct 2006, at 20:42, Jorge Bras wrote:

> hi there,
>
> I would like to add some check items to my users profiles.
>
> From what I have read, I need to add the Profile to the Request,  
> don't know how to do it.
> Have tried with AddToRequest, but didn't work.
>
> After digging around in the mailing list archives, the best I could  
> find was this mail,
> http://www.open.com.au/archives/radiator/2006-01/msg00006.html .
>
> Here's my radius.cfg:
>
> <AuthBy FILE>
>     Identifier Check_VPN_Users
>     RejectEmptyPassword
>     Filename %D/vpn-users
> </AuthBy>
>
> <AuthBy FILE>
>     Identifier Check_VPN_Profiles
>     Filename %D/vpn-profiles
> </AuthBy>
>
> <Handler Realm="vpn.test">
>     UsernameCharset a-zA-Z0-9\.-_@
>     RewriteUsername   tr/A-Z/a-z/
>     RewriteUsername   s/^([^@]+)\@vpn.test /$1/
>
>     # Authentication
>     AuthByPolicy ContinueWhileAccept
>     AuthBy Check_VPN_Users
>     AuthBy Check_VPN_Profiles
>
>     # Authentication Log
>     AuthLog DefaultAuthLog
>     AuthLog SQLAuthLog
>
>     # Log accounting to a detail file
>     AcctLogFileName %L/detail
> </Handler>
>
> vpn-users file:
> test      User-Password = "{crypt}tEfWdlRzfeGzQ"
>                 Expiration = "2006-12-30 23:30:00"
>                 Profile = "guest"
> vpn-profiles file:
> DEFAULT Profile=consultor, Time = "MoTuWeThFr0900-1700"
>                 Session-Timeout = 900,
>                 Idle-Timeout = 300
>
> Log:
>
> Wed Oct  4 11:27:11 2006: DEBUG: Packet dump:
> *** Received from X.X.X.X port 1025 ....
> Code:       Access-Request
> Identifier: 153
> Authentic:  1<22><151><132>m<162>3<240>i<238><143><28>%<250><171><8>
> Attributes:
>         User-Name = "test at vpn.test"
>         User-Password = <152>g<193><209><239><247><195>C/|<173>~/ 
> <172><209><157>
>         NAS-Port = 28
>         Service-Type = Framed-User
>         Framed-Protocol = PPP
>         Called-Station-Id = "Y.Y.Y.Y"
>         Calling-Station-Id = "Z.Z.Z.Z"
>         Tunnel-Client-Endpoint = Z.Z.Z.Z
>         NAS-IP-Address = X.X.X.X
>         NAS-Port-Type = Virtual
>         cisco-avpair = "ip:source-ip=Z.Z.Z.Z"
>
> Wed Oct  4 11:27:11 2006: DEBUG: Handling request with Handler  
> 'Service-Type=Framed-User,Called-Station-Id=" Y.Y.Y.Y"'
> Wed Oct  4 11:27:11 2006: DEBUG: Rewrote user name to test at vpn.test
> Wed Oct  4 11:27:11 2006: DEBUG: Rewrote user name to test
> Wed Oct  4 11:27:11 2006: DEBUG:  Deleting session for  
> test at vpn.test, X.X.X.X, 28
> Wed Oct  4 11:27:11 2006: DEBUG: do query is: 'delete from  
> RADONLINE where USERNAME='test' and NASIDENTIFIER='X.X.X.X' and  
> NASPORT=028':
> Wed Oct  4 11:27:11 2006: DEBUG: Handling with Radius::AuthFILE:  
> Check_VPN_Users
> Wed Oct  4 11:27:11 2006: DEBUG: Radius::AuthFILE looks for match  
> with test [test at vpn.test]
> Wed Oct  4 11:27:11 2006: DEBUG: Radius::AuthFILE ACCEPT: : test  
> [ test at vpn.test]
> Wed Oct  4 11:27:11 2006: DEBUG: AuthBy FILE result: ACCEPT,
> Wed Oct  4 11:27:11 2006: DEBUG: Handling with Radius::AuthFILE:  
> Check_VPN_Profiles
> Wed Oct  4 11:27:11 2006: DEBUG: Radius::AuthFILE looks for match  
> with test [ test at vpn.test]
> Wed Oct  4 11:27:11 2006: DEBUG: Radius::AuthFILE REJECT: No such  
> user: test [test at vpn.test]
> Wed Oct  4 11:27:11 2006: DEBUG: Radius::AuthFILE looks for match  
> with DEFAULT [ test at vpn.test]
> Wed Oct  4 11:27:11 2006: DEBUG: Radius::AuthFILE REJECT: Check  
> item Profile expression 'guest' does not match '' in request:  
> DEFAULT [test at vpn.test ]
> Wed Oct  4 11:27:11 2006: DEBUG: AuthBy FILE result: REJECT, Check  
> item Profile expression 'guest' does not match '' in request
> Wed Oct  4 11:27:11 2006: INFO: Access rejected for u001: Check  
> item Profile expression 'guest' does not match '' in request
> Wed Oct  4 11:27:11 2006: DEBUG: do query is: 'insert into  
> RADAUTHLOG (TIME_STAMP, USERNAME, TYPE, REASON) values (1159957631,  
> 'test', 0, 'Check item Profile expression \'guest\' does not match  
> \'\' in request')':
> Wed Oct  4 11:27:11 2006: WARNING: Invalid reply item Expiration  
> ignored
> Wed Oct  4 11:27:11 2006: WARNING: No such attribute Profile
> Wed Oct  4 11:27:11 2006: DEBUG: Packet dump:
> *** Sending to 192.168.0.1 port 1025 ....
> Code:       Access-Reject
> Identifier: 153
> Authentic:  1<22><151><132>m<162>3<240>i<238><143><28>%<250><171><8>
> Attributes:
>         Expiration = "2006-12-30 23:30:00"
>         Profile = guest
>         Reply-Message = "Request Denied"
>
>
> Thanks.
>
> -- 
> ./bras



NB:

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets),
together with a trace 4 debug showing what is happening?

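An added illustration of the point made in the reply above (not part of the original message, and not Radiator code): a small Python model of users-file semantics, in which items on an entry's first line are check items compared with the request and items on the indented lines are reply items added to the reply. The file contents are constructed from the quoted ones, with a cleartext password in place of the {crypt} hash, the Time check left out, and the profile check set to guest so that the reason string matches the quoted trace; all function names are hypothetical.

```python
import re

# Constructed users files modelled on the ones quoted in the post; the cleartext
# password stands in for the {crypt} hash and the Time check item is left out.
VPN_USERS = '''test User-Password = "secret"
    Expiration = "2006-12-30 23:30:00",
    Profile = "guest"
'''
VPN_PROFILES = '''DEFAULT Profile = "guest"
    Session-Timeout = 900,
    Idle-Timeout = 300
'''
ITEM = re.compile(r'([\w-]+)\s*=\s*(?:"([^"]*)"|([^,\s]+))')

def parse_items(text):
    return {m[1]: m[2] if m[2] is not None else m[3] for m in ITEM.finditer(text)}

def parse_users(text):
    """First line of an entry: name plus check items. Indented lines: reply items."""
    entries = []
    for line in text.splitlines():
        if line[:1].isspace():
            entries[-1][2].update(parse_items(line))
        elif line.strip():
            name, _, rest = line.partition(" ")
            entries.append((name, parse_items(rest), {}))
    return entries

def auth_by_file(entries, user, request, reply):
    """Check items are compared with the REQUEST; reply items go into the REPLY."""
    reason = "No such user"
    for name, checks, replies in entries:
        if name not in (user, "DEFAULT"):
            continue
        bad = next((k for k, v in checks.items() if request.get(k, "") != v), None)
        if bad is None:
            reply.update(replies)
            return "ACCEPT", ""
        reason = (f"Check item {bad} expression '{checks[bad]}' "
                  f"does not match '{request.get(bad, '')}' in request")
    return "REJECT", reason

def handle(request):
    """Model of AuthByPolicy ContinueWhileAccept over the two files, in order."""
    reply = {}
    for text in (VPN_USERS, VPN_PROFILES):
        result, reason = auth_by_file(parse_users(text), request["User-Name"], request, reply)
        if result != "ACCEPT":
            break
    return result, reason, reply
```

Calling handle({"User-Name": "test", "User-Password": "secret"}) returns REJECT with the same reason as the quoted trace, while the returned reply already holds Profile = guest, which is why the Access-Reject in the trace carries that attribute. In this model the second stage accepts only when Profile is present in the request dictionary itself.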