[RADIATOR] ClientHook sequence?

Dave Kitabjian dave at netcarrier.com
Wed Aug 25 09:01:30 CDT 2010


Mike, Hugh, and Heikki,

Thanks!!

Dave

-----Original Message-----
From: Hugh Irvine [mailto:hugh at open.com.au] 
Sent: Friday, August 20, 2010 7:03 PM
To: Heikki Vatiainen
Cc: Dave Kitabjian; radiator at open.com.au; Greg Evanyke
Subject: Re: [RADIATOR] ClientHook sequence?


Hello Heikki, Hello Dave -

Correct.

Historically we had a PreClientHook and a PreHandlerHook in the Client
clause(s), however when vendors began encrypting attributes, we needed
to provide a hook that fired after the attributes were decoded. Hence we
came up with the ClientHook that can be specified globally (for all
clients) and/or per-client.

regards

Hugh


On 21 Aug 2010, at 06:58, Heikki Vatiainen wrote:

> On 08/20/2010 11:03 PM, Dave Kitabjian wrote:
>> Does anyone know where the "ClientHook" fits in this
order-of-execution
>> sequence?
> 
> Seems to be between steps 6 and 7. The global ClientHook runs first
and
> right after that the client specific ClientHook is called.
> 
> I also noticed that at least with version 4.7, the secret is checked
> after the hooks run, so the hooks can catch even those requests where
> the authenticator check fails. So even if the request fails with "Bad
> authenticator in request from ..." log message, the request would
still
> have been available for processing with ClientHook(s).
> 
>> *http://open.com.au/radiator/ref.pdf*
>> 
>> * *
>> 
>> *1. *Server started
>> 
>> *2. **StartupHook *called
>> 
>> *3. *Request received from NAS
>> 
>> *4. *Global RewriteUsernames applied
>> 
>> *5. **PreClientHook *called
>> 
>> *6. *Client clause selected
>> 
>> *7. *Client RewriteUsernames applied
>> 
>> *8. *Duplicate detection done
>> 
>> *9. **PreHandlerHook *called
>> 
>> *10. *Handler selected
>> 
>> *11.**PreProcessingHook *called
>> 
>> *12. *Handler's RewriteUsername and RewriteFunction applied
>> 
>> *13. *Session database updated (accounting requests only)
>> 
>> *14. *Accounting log files (AcctLogFileName and WtmpFileName) written
>> 
>> *15.**PreAuthHook *called
>> 
>> *16. *AuthBy clauses invoked
>> 
>> *17.**PostAuthHook *called
>> 
>> *18. *Statistics updated
>> 
>> *19.PostProcessingHook *called (if there is a reply to be sent)
>> 
>> *Integration*
>> 
>> 
>> 
>> 
>> 
>> _______________________________________________
>> radiator mailing list
>> radiator at open.com.au
>> http://www.open.com.au/mailman/listinfo/radiator
> 
> 
> -- 
> Heikki Vatiainen, Arch Red Oy
> +358 44 087 6547
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator



NB: 

Have you read the reference manual ("doc/ref.html")?
Have you searched the mailing list archive
(www.open.com.au/archives/radiator)?
Have you had a quick look on Google (www.google.com)?
Have you included a copy of your configuration file (no secrets), 
together with a trace 4 debug showing what is happening?

-- 
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. Available on *NIX, *BSD, Windows, MacOS X.
Includes support for reliable RADIUS transport (RadSec),
and DIAMETER translation agent.
-
Nets: internetwork inventory and management - graphical, extensible,
flexible with hardware, software, platform and database independence.
-
CATool: Private Certificate Authority for Unix and Unix-like systems.








More information about the radiator mailing list