[RADIATOR] preClientHook problem using ClientListSQL from version 3.15 to version 4.3.1

Hugh Irvine hugh at open.com.au
Mon Jan 19 15:29:24 CST 2009


Hello Dario -

Thanks for letting me know.

regards

Hugh


On 20 Jan 2009, at 05:32, Dario Aguilar wrote:

>
> Hi Hugh, this solves our issue. thanks.
>
> regards,
>
> Dario.
>
>
> Hugh Irvine wrote:
>>
>>
>> Hello Dario -
>>
>> Thanks for your mail.
>>
>> There was a slight problem in the patch set that did not allow
>> ClientHook to be defined as a global - this has now been fixed.
>>
>> I have tested your code with a global ClientHook and it works correctly.
>>
>> You will need today's latest patch set.
>>
>> BTW - you can also define a ClientHook on a per-Client basis if desired.
>>
>> regards
>>
>> Hugh
>>
>>
>> On 15 Jan 2009, at 07:36, Dario Aguilar wrote:
>>
>>>
>>> Hi Hugh,
>>> Here is a simple example case. As I already mentioned before, we are
>>> using ClientListSQL and not a Client clause, but maybe this will clarify
>>> our problem a little bit.
>>> Please read the comments in the config file and in the log file.
>>>
>>> Regards,
>>>
>>> Dario.
>>>
>>> [root@server ~]# cat /etc/radiator/radius.cfg
>>> Foreground
>>> # LogStdout
>>> Trace 4
>>> PidFile	/var/log/radiator/radiusd.pid
>>> AuthPort	1645
>>> AcctPort	1646
>>> LogDir		/var/log/radiator
>>> DbDir		/etc/radiator
>>> DictionaryFile  /etc/radiator/dictionary
>>> UsernameCharset a-z/A-Z0-9\._@-
>>>
>>> #
>>> # We declare PreClientHook and ClientHook globally...
>>> #
>>> PreClientHook file:"/etc/radiator/PreClientHook.cfg"
>>> ClientHook file:"/etc/radiator/PreClientHook.cfg"
>>>
>>> <Client DEFAULT>
>>>   Secret mysecret
>>> #
>>> # We declare ClientHook inside a Client clause as an example but we want to
>>> # put this inside the ClientListSQL clause
>>> #
>>>   ClientHook file:"/etc/radiator/PreClientHook.cfg"
>>> </Client>
>>>
>>> <AuthBy INTERNAL>
>>>   Identifier LIBERADO
>>>   AuthResult ACCEPT
>>>   AcctStartResult ACCEPT
>>>   AcctStopResult ACCEPT
>>> </AuthBy>
>>>
>>> <Handler Request-Type=Access-Request>
>>>   PreProcessingHook file:"/etc/radiator/PreClientHook.cfg"
>>>   AuthBy LIBERADO
>>>   PasswordLogFileName /var/log/radiator/password.log
>>>   AcctLogFileName /var/log/radiator/acct.log
>>> </Handler>
>>>
>>>
>>>
>>>
>>> [root@server ~]# cat /etc/radiator/PreClientHook.cfg
>>>
>>> sub
>>> {
>>> # The hook receives a reference to the request packet
>>> my $p = ${$_[0]};
>>>
>>> my $nasport = $p->get_attr('NAS-Port');
>>> my $nasip = $p->get_attr('NAS-IP-Address');
>>> # %c expands to the IP address the request was received from
>>> my $ip=&Radius::Util::format_special('%c',$p);
>>>
>>> &main::log($main::LOG_DEBUG,"NASIP=$nasip NASPORT=$nasport IPORIGIN=$ip");
>>> }
>>>
>>>
>>> [root@server ~]# /usr/bin/radpwtst -timeout 2 -dictionary /etc/radiator/dictionary \
>>>     -secret mysecret -bind_address 10.0.0.100 -s 10.0.0.100 -noacct \
>>>     -auth_port 1645 -acct_port 1646 Acct-Session-Id='2/1/0/1196.2436_07DDCC21' \
>>>     -user user@dom -password xxxx \
>>>     -nas_ip_address 10.0.0.200 -nas_port 675989892 -nas_port_type Ethernet
>>>
>>>
>>> [root@server ~]# tail -f /var/log/radiator/logfile
>>>
>>> --------------------------------------------------------------------------------
>>> The ClientHook statement is not recognized globally as you said.
>>>
>>> --------------------------------------------------------------------------------
>>>
>>> Wed Jan 14 13:06:29 2009: ERR: Unknown keyword 'ClientHook' in /etc/radiator/radius.cfg line 0
>>> Wed Jan 14 13:06:29 2009: DEBUG: Finished reading configuration file '/etc/radiator/radius.cfg'
>>> Wed Jan 14 13:06:29 2009: DEBUG: Reading dictionary file '/etc/radiator/dictionary'
>>> Wed Jan 14 13:06:29 2009: DEBUG: Creating authentication port 0.0.0.0:1645
>>> Wed Jan 14 13:06:29 2009: DEBUG: Creating accounting port 0.0.0.0:1646
>>> Wed Jan 14 13:06:29 2009: NOTICE: Server started: Radiator 4.3.1 on server
>>> --------------------------------------------------------------------------------
>>> Look at the NASIP and NASPORT variables: actually the NAS-IP-Address and
>>> NAS-Port attributes are both encoded when it is called by the global
>>> PreClientHook statement; with version 3.1 this was clear.
>>> --------------------------------------------------------------------------------
>>> Wed Jan 14 13:08:23 2009: DEBUG: NASIP=�1d  NASPORT=(JɄ
>>> IPORIGIN=10.0.0.100
>>> Wed Jan 14 13:08:23 2009: DEBUG: Packet dump:
>>> *** Received from 10.0.0.100 port 56017 ....
>>> Code:       Access-Request
>>> Identifier: 158
>>> Authentic:  !i<219><159>'/<22>.i<225><213><242><210>+<234>O
>>> Attributes:
>>> 	User-Name = "user@dom"
>>> 	Service-Type = Framed-User
>>> 	NAS-IP-Address = 10.0.0.200
>>> 	NAS-Port = 675989892
>>> 	Called-Station-Id = "123456789"
>>> 	Calling-Station-Id = "987654321"
>>> 	NAS-Port-Type = Ethernet
>>> 	User-Password = <175><216>Fe<185><154>L<230><127>Wkgf'<150><238>
>>> 	Acct-Session-Id = "2/1/0/1196.2436_07DDCC21"
>>>
>>>
>>>
>>> As you can see, now these attributes are decoded.
>>>
>>>
>>> Wed Jan 14 13:08:23 2009: DEBUG: NASIP=10.0.0.200 NASPORT=675989892 IPORIGIN=10.0.0.100
>>> Wed Jan 14 13:08:23 2009: DEBUG: Handling request with Handler 'Request-Type=Access-Request'
>>> Wed Jan 14 13:08:23 2009: DEBUG: NASIP=10.0.0.200 NASPORT=675989892 IPORIGIN=10.0.0.100
>>> Wed Jan 14 13:08:23 2009: DEBUG:  Deleting session for user@dom, 10.0.0.200, 675989892
>>> Wed Jan 14 13:08:23 2009: DEBUG: Handling with AuthINTERNAL: LIBERADO
>>> Wed Jan 14 13:08:23 2009: DEBUG: AuthBy INTERNAL result: ACCEPT, Fixed by AuthResult
>>> Wed Jan 14 13:08:23 2009: DEBUG: Access accepted for user@dom
>>> Wed Jan 14 13:08:23 2009: DEBUG: Packet dump:
>>> *** Sending to 200.45.46.185 port 56017 ....
>>> Code:       Access-Accept
>>> Identifier: 158
>>> Authentic:  <4>v<141>$<133> ]<159>4H-<226>?<29><223>2
>>> Attributes:
>>>
>>>
>>>
>>> Hugh Irvine wrote:
>>>>
>>>>
>>>> Hello Dario -
>>>>
>>>> The NAS-IP-Address and NAS-Port attributes are normally in clear and
>>>> available to a PreClientHook and/or ClientHook.
>>>>
>>>> Both PreClientHook and ClientHook are global configuration options in
>>>> the configuration file - they don't need to be defined in
>>>> ClientListSQL.
>>>>
>>>> regards
>>>>
>>>> Hugh
>>>>
>>>>
>>>> On 10 Jan 2009, at 00:27, Dario Aguilar wrote:
>>>>
>>>>>
>>>>> Hi Hugh,
>>>>> As you can see in the script, we need to use the 'NAS-IP-Address' and
>>>>> 'NAS-Port' attributes in our preClientHook.cfg and both values will not
>>>>> be decrypted because this should be done now in a context of a particular
>>>>> Client. The problem is that we cannot declare the parameter ClientHook
>>>>> into the ClientListSQL clause because this doesn't even exist, so I don't
>>>>> know how I can call the preClientHook script to execute for all our SQL
>>>>> clients and not for each one in particular. Maybe Mikey's added support
>>>>> for ClientHook in ClientList SQLClientHook should help us to resolve this,
>>>>> but how can we implement this to satisfy our needs correctly?
>>>>>
>>>>> best regards,
>>>>>
>>>>> Dario.
>>>>>
>>>>>
>>>>> Hugh Irvine wrote:
>>>>>>
>>>>>>
>>>>>> Hello Dario -
>>>>>>
>>>>>> Can you please tell me what problems you are having?
>>>>>>
>>>>>> regards
>>>>>>
>>>>>> Hugh
>>>>>>
>>>>>>
>>>>>> On 8 Jan 2009, at 04:49, Dario Aguilar wrote:
>>>>>>
>>>>>>>
>>>>>>> Hi, first of all I want to clarify that I am a new user of Radiator and my
>>>>>>> knowledge of the Perl language is very poor. We are trying to move from
>>>>>>> version 3.15 to 4.3.1 and a problem appeared to us with the old global
>>>>>>> "preClientHook" statement in the new version. How should I call
>>>>>>> PreClientHook.cfg to work when using ClientListSQL? I've already finished
>>>>>>> reading the revision history of versions 4.3 and 4.3.1 and the reference
>>>>>>> manual but I still have very clear how to implement this in our server.
>>>>>>>
>>>>>>> Our radius.conf looks something like this:
>>>>>>> -------------------------------------------------------------
>>>>>>> <ClientListSQL>
>>>>>>>     DBSource                dbi:Oracle:%{GlobalVar:DBInstance}
>>>>>>>     DBUsername              %{GlobalVar:DBUsername}
>>>>>>>     DBAuth                  %{GlobalVar:DBAuth}
>>>>>>>     DBSource                dbi:Oracle:%{GlobalVar:DBInstance}
>>>>>>>     DBUsername              %{GlobalVar:DBUsername}
>>>>>>>     DBAuth                  %{GlobalVar:DBAuth}
>>>>>>>     GetClientQuery          SELECT nas_ip_address,secret from tbl_radclient WHERE nas_ip_address IS NOT NULL and secret IS NOT NULL
>>>>>>>     BackupFilename          %D/clientlist.%{GlobalVar:CodeType}.%{GlobalVar:IpAddress}.dat
>>>>>>>     RefreshPeriod           3600
>>>>>>>     Timeout                 2
>>>>>>>     FailureBackoffTime      0
>>>>>>>     ConnectionHook file:"%D/ConnectionHook.cfg"
>>>>>>> </ClientListSQL>
>>>>>>>
>>>>>>> PreClientHook file:"%D/PreClientHook.cfg"
>>>>>>> -------------------------------------------------
>>>>>>>
>>>>>>> PreClientHook.cfg----->>>
>>>>>>>
>>>>>>> sub {
>>>>>>>     my $p=${$_[0]};
>>>>>>>     my $nasip=$p->get_attr('NAS-IP-Address');
>>>>>>>     my $ip=&Radius::Util::format_special('%c', $p);
>>>>>>>     my $nasport=$p->get_attr('NAS-Port');
>>>>>>>     my $callid=$p->get_attr('Calling-Station-Id');
>>>>>>>
>>>>>>>     &main::log($main::LOG_DEBUG,'Into PreClientHook');
>>>>>>>     &main::log($main::LOG_DEBUG,"NASIP=[$nasip] NASPORT=[$nasport] SOURCE_IP=[$ip] CallId=[$callid]");
>>>>>>>     # Except for two fixed source addresses, set NAS-IP-Address to the packet's source IP
>>>>>>>     if($ip ne '192.168.0.1' and $ip ne '192.168.0.2') {
>>>>>>>             $p->change_attr('NAS-IP-Address',$ip) if $nasip ne $ip;
>>>>>>>     }
>>>>>>>
>>>>>>>     # Use Calling-Station-Id as NAS-Port when the request carries no NAS-Port
>>>>>>>     $p->add_attr('NAS-Port',$callid) unless defined $nasport;
>>>>>>>     $p->delete_attr('State');
>>>>>>>     # On accounting stops, map Ascend-Disconnect-Cause onto Acct-Terminate-Cause
>>>>>>>     if ($p->code eq 'Accounting-Request' && $p->get_attr('Acct-Status-Type') eq 'Stop') {
>>>>>>>             my %ascend2ietf = (
>>>>>>>                     'remoteEndHungup'       => 'User-Request',
>>>>>>>                     'pppRcvTerminate'       => 'User-Request',
>>>>>>>                     'sessTimeOut'           => 'Session-Timeout',
>>>>>>>                     '240'                   => 'Host-Request',
>>>>>>>             );
>>>>>>>
>>>>>>>             my $ascend_disconnect_cause = $p->get_attr('Ascend-Disconnect-Cause');
>>>>>>>             if($ascend_disconnect_cause) {
>>>>>>>                     my $newval=$ascend2ietf{$ascend_disconnect_cause};
>>>>>>>                     $newval='Lost-Carrier'
>>>>>>>                             unless defined $newval;
>>>>>>>                     $p->change_attr('Acct-Terminate-Cause',$newval);
>>>>>>>             }
>>>>>>>     }
>>>>>>> }
>>>>>>> -------------------------------------------
>>>>>>>
>>>>>>> thanks,
>>>>>>> Dario Aguilar
>>>>>>> -- 
>>>>>>> View this message in context:
>>>>>>> http://www.nabble.com/preClientHook-problem-using-ClientListSQL-from-version-3.15-to-version-4.3.1-tp21336689p21336689.html
>>>>>>> Sent from the Radiator - General mailing list archive at
>>>>>>> Nabble.com.
>>>>>>>
>>>>>>>
>>>>>>> _______________________________________________
>>>>>>> radiator mailing list
>>>>>>> radiator at open.com.au
>>>>>>> http://www.open.com.au/mailman/listinfo/radiator
>>>>>>
>>>>>>
>>>>>>
>>>>>> NB:
>>>>>>
>>>>>> Have you read the reference manual ("doc/ref.html")?
>>>>>> Have you searched the mailing list archive
>>>>>> (www.open.com.au/archives/radiator)?
>>>>>> Have you had a quick look on Google (www.google.com)?
>>>>>> Have you included a copy of your configuration file (no secrets),
>>>>>> together with a trace 4 debug showing what is happening?
>>>>>> Have you checked the RadiusExpert wiki:
>>>>>> http://www.open.com.au/wiki/index.php/Main_Page
>>>>>>
>>>>>> -- 
>>>>>> Radiator: the most portable, flexible and configurable RADIUS
>>>>>> server
>>>>>> anywhere. Available on *NIX, *BSD, Windows, MacOS X.
>>>>>> Includes support for reliable RADIUS transport (RadSec),
>>>>>> and DIAMETER translation agent.
>>>>>> -
>>>>>> Nets: internetwork inventory and management - graphical,
>>>>>> extensible,
>>>>>> flexible with hardware, software, platform and database
>>>>>> independence.
>>>>>> -
>>>>>> CATool: Private Certificate Authority for Unix and Unix-like
>>>>>> systems.
>>>>>>



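Added example, not part of the original thread and not Radiator code: a stand-alone Perl script (core modules only) that parses RADIUS attributes from wire format, using a constructed attribute block with the values of the radpwtst request quoted above. The raw NAS-Port bytes 28 4a c9 84 are what the trace rendered as `(JɄ`, and the final comparison shows why a string test such as `$nasip ne $ip` in a hook always differs while the attribute is still undecoded. The four-entry type table and the `$expect` value are assumptions made for the illustration.

```perl
# Added example: decode RADIUS attribute TLVs (RFC 2865) from raw wire bytes.
use strict;
use warnings;
use Socket qw(inet_aton inet_ntoa);

# Attribute number => [name, wire type]; only what the request in this thread uses.
my %dict = (
    1  => ['User-Name',      'string'],
    4  => ['NAS-IP-Address', 'ipaddr'],
    5  => ['NAS-Port',       'integer'],
    61 => ['NAS-Port-Type',  'integer'],
);

# Walk type/length/value triples; the length byte includes the 2 header bytes.
sub parse_attrs {
    my ($buf) = @_;
    my %raw;
    my $off = 0;
    while ($off + 2 <= length($buf)) {
        my ($type, $len) = unpack('CC', substr($buf, $off, 2));
        die "bad attribute length $len at offset $off\n"
            if $len < 2 || $off + $len > length($buf);
        $raw{$type} = substr($buf, $off + 2, $len - 2);
        $off += $len;
    }
    return %raw;
}

# Turn a raw value into the printable form a decoded packet carries.
sub decode_attr {
    my ($type, $raw) = @_;
    my $kind = $dict{$type} ? $dict{$type}[1] : 'string';
    return inet_ntoa($raw)   if $kind eq 'ipaddr'  && length($raw) == 4;
    return unpack('N', $raw) if $kind eq 'integer' && length($raw) == 4;
    return $raw;
}

# Constructed sample: the attributes of the test request, packed as on the wire.
my $wire = join '', map { pack('CC', $_->[0], 2 + length($_->[1])) . $_->[1] } (
    [1,  'user@dom'],
    [4,  inet_aton('10.0.0.200')],
    [5,  pack('N', 675989892)],
    [61, pack('N', 15)],              # 15 = Ethernet
);

my %raw    = parse_attrs($wire);
my $expect = '10.0.0.200';            # assumed address a hook would compare against
for my $t (sort { $a <=> $b } keys %raw) {
    printf "%-15s raw=%s decoded=%s\n", $dict{$t}[0], unpack('H*', $raw{$t}), decode_attr($t, $raw{$t});
}
printf "raw differs from %s: %s; decoded differs: %s\n", $expect,
    ($raw{4} ne $expect ? 'yes' : 'no'), (decode_attr(4, $raw{4}) ne $expect ? 'yes' : 'no');
```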