[RADIATOR] Formatting character for next hop servers when proxying
Heikki Vatiainen
hvn at archred.com
Sat Jul 25 15:48:00 CDT 2009
Hugh Irvine wrote:
> This is not currently supported.
Thanks for confirming this. Now for the plan B :)
In case someone finds this useful, here is how I did it with a hook and
custom dictionary:
Configuration file:
-------------------
<AuthBy SQLRADIUS>
ReplyHook sub { ${$_[1]}->add_attr('ArchRed-RemoteRadiusIP', \
Radius::Util::inet_ntop(${$_[0]}->{RecvFromAddress})); }
</AuthBy>
<Client whatever>
# Do not let VSAs exit this server
StripFromReply ArchRed-RemoteRadiusIP
</Client>
Vendor specific attribute (VSA)
-------------------------------
The attribute is in /etc/radiator/dictionary.archred and is simply:
VENDOR ArchRed 30570
VENDORATTR 30570 ArchRed-RemoteRadiusIP 4 string
This is loaded in the configuration file using "DictionaryFile" global
parameter.
Using with AuthLog
------------------
<AuthLog FILE>
...
SuccessFormat stuff...{Reply:ArchRed-RemoteRadiusIP}...more stuff
</AuthLog>
IPv4 addresses are logged in the normal dotted decimal format, and IPv6
addresses are prefixed with ipv6:
> On 25 Jul 2009, at 04:39, Heikki Vatiainen wrote:
>
>> Does anyone know how to get the IPv4 or IPv6 address of the next hop a
>> request was forwarded to? This is when proxying RADIUS requests.
>>
>> The manual has %c and %C that are the IP address or DNS name of the
>> sender, but I could not find a formatting character for the next hop
>> proxy.
>>
>> AuthBy DNSROAM, RADIUS, SQLRADIUS and LDAPRADIUS at least are the ones
>> where the next hop RADIUS is resolved during the runtime. For logging
>> purposes it might be useful to know which IP address was the destination
>> that was chosen.
>>
>> Thanks!
>>
>> --
>> Heikki Vatiainen, Arch Red Oy
>> +358 44 087 6547
>> _______________________________________________
>> radiator mailing list
>> radiator at open.com.au
>> http://www.open.com.au/mailman/listinfo/radiator
>
>
>
> NB:
>
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive
> (www.open.com.au/archives/radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
> Have you checked the RadiusExpert wiki:
> http://www.open.com.au/wiki/index.php/Main_Page
>
--
Heikki Vatiainen, Arch Red Oy
+358 44 087 6547
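
Added example, not part of the original post and not Radiator code: a small Python reader for an AuthLog file written with the hook above, which tallies the next hop chosen per request and handles the "ipv6:" prefix. The tab-separated layout (time, user name, next-hop address) and the sample lines are assumptions, since the post elides its SuccessFormat.

```python
import ipaddress
from collections import Counter

# Constructed sample lines; the tab-separated layout (time, user, next hop)
# is an assumption, because the post does not show its full SuccessFormat.
SAMPLE_LOG = """\
2009-07-25T15:40:01\talice@example.org\t192.0.2.10
2009-07-25T15:40:07\tbob@example.org\tipv6:2001:db8::10
2009-07-25T15:41:13\tcarol@example.org\tipv6:2001:0db8:0000:0000:0000:0000:0000:0010
2009-07-25T15:42:30\tdave@example.org\t
2009-07-25T15:43:02\terin@example.org\t192.0.2.999
"""


def parse_next_hop(field):
    """Return an ipaddress object for the logged value, or None if unusable."""
    value = field.strip()
    if not value:
        return None  # no next hop recorded on this line
    is_v6 = value.lower().startswith("ipv6:")
    if is_v6:
        value = value[5:]  # drop the "ipv6:" prefix described in the post
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        return None
    # Prefix and address family must agree; a mismatch means a damaged line.
    if is_v6 != (addr.version == 6):
        return None
    return addr


def summarize(log_text):
    """Count requests per next hop; return (counts, rejected line numbers)."""
    counts = Counter()
    rejected = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        parts = line.split("\t")
        addr = parse_next_hop(parts[2]) if len(parts) == 3 else None
        if addr is None:
            rejected.append(lineno)
        else:
            # str() gives the canonical form, so both IPv6 spellings merge.
            counts[str(addr)] += 1
    return counts, rejected
```

Lines that carry no valid next hop are reported by line number rather than dropped silently, so gaps in the proxy audit trail stay visible.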