[RADIATOR] PostProcessingHook Placement for eap_acct_username.pl
michael
mrodrigues at education.ucsb.edu
Thu Oct 1 14:50:14 CDT 2009
Hi,
I've been lurking for a while but have finally hit a wall. I need to
prevent users from being logged as 'anonymous'. I understand that this
is the outer ID and that I need to copy the inner ID to the outer ID
after processing to fix this. I am aware of the eap_acct_username.pl
script in the goodies folder. I tried adding the PostProcessingHook to
my Handler, but I am still seeing anonymous entries in the logs. I
figured I had misplaced the statement in the configuration, but upon
moving it to either before or after the AuthBy clause within the
handler, I am still having trouble. I'm going to attach my configuration
without passwords. I get no errors in the level 5 trace debug output
upon starting Radiator. Is there something I overlooked? I can provide
more information if needed.
Debug:
Thu Oct 1 12:30:00 2009: DEBUG: Finished reading configuration file '/etc/radiator/radius.cfg'
Thu Oct 1 12:30:00 2009: DEBUG: Reading dictionary file '/etc/radiator/dictionary'
Thu Oct 1 12:30:00 2009: DEBUG: Creating authentication port 0.0.0.0:1645
Thu Oct 1 12:30:00 2009: DEBUG: Creating accounting port 0.0.0.0:1646
Thu Oct 1 12:30:00 2009: NOTICE: Server started: Radiator 4.4 on hostname
Thu Oct 1 12:30:04 2009: DEBUG: Packet dump:
Details:
-Radiator 4.4 on Solaris 10 x86
-Authentication done via EAP-TTLS PAP
-LDAP backend
Config:
########## ##########
##### Radiator Configuration #####
######### ##########
## Updated 8/16/09 jg
<Handler Request-Type=Accounting-Request>
<AuthBy SQL>
DBSource dbi:mysql:radius:127.0.0.1
#DBSource dbi:mysql:public:127.0.0.1
DBUsername ######
DBAuth ########
HandleAcctStatusTypes Start,Stop
# This statement inserts the accounting information into the SQL database.
AcctSQLStatement insert into public values('%{Acct-Session-Id}','%{Timestamp}','%{Framed-IP-Address}','%{User-Name}','%{Acct-Status-Type}','%{Extreme-SSID}','%{Connect-Info}','%{Acct-Delay-Time}');
</AuthBy>
</Handler>
#These are the subnets from which calls to the RADIUS server are allowed.
<Client localhost>
Secret #######
DupInterval 0
</Client>
<Client 0.0.0.0/24>
Secret #######
DupInterval 0
</Client>
<Client 0.0.0.0/23>
Secret #######
DupInterval 0
</Client>
<Handler>
PostProcessingHook file:"/etc/radiator/eap_acct_username.pl"
<AuthBy LDAP2>
#Directory server info
Host ###########
Port 389
BaseDN o=##########
UsernameAttr uid
ServerChecksPassword
#Allowed EAP Types
EAPType TTLS
#Certificate stuff
EAPTLS_MaxFragmentSize 1000
EAPTLS_CAFile /etc/radiator/certs/demoCA/cacert.pem
EAPTLS_CertificateType PEM
EAPTLS_CertificateFile /etc/radiator/certs/cert-srv.pem
EAPTLS_PrivateKeyFile /etc/radiator/certs/cert-srv.pem
EAPTLS_PrivateKeyPassword whatever
EAPTLS_MaxFragmentSize 2048
AutoMPPEKeys
# EAPTLS_PEAPBrokenV1Label
# EAPTLS_PEAPVersion 0\
SSLeayTrace 4
HoldServerConnection
Timeout 2
FailureBackoffTime 30
Version 3
</AuthBy>
<Log FILE>
Filename logfile
</Log>
#############################################
#############################################
Thanks,
Michael R.