[RADIATOR] Accessing Timestamp in Postauthhook during Access-Request
Chris Bland
chris at fdu.edu
Fri Feb 19 12:58:24 CST 2010
Hugh,
Still not sure what's not working. I tried your solution in a file by
itself and this is what showed up in the logs
Fri Feb 19 11:37:25 2010: DEBUG: AuthBy LDAP2 result: ACCEPT,
Fri Feb 19 11:37:25 2010: DEBUG: Timestamp is
Fri Feb 19 11:37:25 2010: DEBUG: Access accepted for chris at fdu.edu
I forgot to mention in my original post that I am able to get the
Timestamp during other requests just not in the Access-Request.
> NB:
>
> Have you read the reference manual ("doc/ref.html")?
Yes
> Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
Yes
> Have you had a quick look on Google (www.google.com)?
Yes
> Have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
>
#########################################################################
LogStdout
LogDir /var/log/radius-test
DbDir .
Trace 4
PidFile /var/log/radius-test/radiusd.pid
AuthPort 7210
AcctPort 7211
DefineGlobalVar Max 7200
DictionaryFile /etc/radiator/dictionary.test
#########################################################################
<Client localhost>
Secret password
DupInterval 0
</Client>
#########################################################################
<AuthBy LDAP2>
Identifier CheckLDAP
Host 127.0.0.1
Port 389
BaseDN dc=fdu, dc=edu
Scope subtree
UsernameAttr emailaddr
PasswordAttr userPassword
ServerChecksPassword
Timeout 15
FailureBackoffTime 30
HoldServerConnection
AddToReply Framed-Protocol = PPP,\
Framed-IP-Netmask = 255.255.255.255,\
Framed-Routing = None,\
Framed-MTU = 1500,\
Framed-Compression = Van-Jacobson-TCP-IP
#Debug 255
</AuthBy>
#########################################################################
<AuthLog SQL>
Identifier ALUMREQUEST
DBSource dbi:mysql:radius_db:localhost
DBUsername dbuser
DBAuth xxxxxx
LogSuccess
SuccessQuery insert into alumni_authlog (TIME_STAMP,USERNAME,TYPE) values ('%l','%n',1)
LogFailure
FailureQuery insert into alumni_authlog (TIME_STAMP,USERNAME,TYPE,REASON) values ('%l','%n',0,%1)
</AuthLog>
#########################################################################
<AuthLog SQL>
Identifier STUDREQUEST
DBSource dbi:mysql:radius_db:localhost
DBUsername dbuser
DBAuth xxxxxx
LogSuccess
SuccessQuery insert into student_authlog (TIME_STAMP,USERNAME,TYPE) values ('%l','%n',1)
LogFailure
FailureQuery insert into student_authlog (TIME_STAMP,USERNAME,TYPE,REASON) values ('%l','%n',0,%1)
</AuthLog>
#########################################################################
<Realm student.fdu.edu>
AuthBy CheckLDAP
AddToReply User-Role="student"
AuthLog STUDREQUEST
MaxSessions 1
</Realm>
########################################################################
<Realm alumni.fdu.edu>
AuthBy CheckLDAP
AddToReply User-Role="alumni"
AuthLog ALUMREQUEST
MaxSessions 1
</Realm>
########################################################################
<Realm fdu.edu>
AuthByPolicy ContinueAlways
AuthBy CheckLDAP
PostAuthHook file:"/usr/local/adm/etc/test-postauth.pl"
MaxSessions 1
</Realm>
########################################################################
<Realm DEFAULT>
AuthByPolicy ContinueAlways
<AuthBy SQL>
DBSource dbi:mysql:radius_db:localhost
DBUsername dbuser
DBAuth xxxxxx
DefaultSimultaneousUse 1
AccountingTable subscribers
AuthColumnDef 0, User-Password, check
AuthColumnDef 1, User-Role, reply
AuthSelect select password, role from subscribers where username='%n'
AddToReply Framed-Protocol = PPP,\
Framed-IP-Netmask = 255.255.255.255,\
Framed-Routing = None,\
Framed-MTU = 1500,\
Framed-Compression = Van-Jacobson-TCP-IP
</AuthBy>
PostAuthHook file:"/usr/local/adm/etc/test-postauth.pl"
MaxSessions 1
</Realm>
########################################################################
<SessionDatabase SQL>
Identifier SQLDB
DBSource dbi:mysql:radius_db:localhost
DBUsername dbuser
DBAuth xxxxxx
</SessionDatabase>
Fri Feb 19 13:56:11 2010: DEBUG: Packet dump:
*** Received from 127.0.0.1 port 44091 ....
Code: Access-Request
Identifier: 116
Authentic: 1234567890123456
Attributes:
User-Name = "chris at fdu.edu"
Service-Type = Framed-User
NAS-IP-Address = 203.63.154.1
NAS-Identifier = "203.63.154.1"
NAS-Port = 1234
Called-Station-Id = "123456789"
Calling-Station-Id = "987654321"
NAS-Port-Type = Async
User-Password = <195>I2<207><241><246><5>0<196><20><11><14><211>G<128><220>
Fri Feb 19 13:56:11 2010: DEBUG: Handling request with Handler 'Realm=fdu.edu'
Fri Feb 19 13:56:11 2010: DEBUG: SQLDB Deleting session for chris at fdu.edu, 203.63.154.1, 1234
Fri Feb 19 13:56:11 2010: DEBUG: do query is: 'delete from RADONLINE where NASIDENTIFIER='203.63.154.1' and NASPORT=01234':
Fri Feb 19 13:56:11 2010: DEBUG: Query is: 'select NASIDENTIFIER, NASPORT, ACCTSESSIONID, FRAMEDIPADDRESS from RADONLINE where USERNAME='chris at fdu.edu'':
Fri Feb 19 13:56:11 2010: DEBUG: Handling with Radius::AuthLDAP2: CheckLDAP
Fri Feb 19 13:56:11 2010: ERR: ldap bind failed with error LDAP_INVALID_CREDENTIALS.
Fri Feb 19 13:56:11 2010: ERR: Disconnecting from LDAP server (server 127.0.0.1:19389).
Fri Feb 19 13:56:11 2010: DEBUG: Radius::AuthLDAP2 looks for match with chris at fdu.edu [chris at fdu.edu]
Fri Feb 19 13:56:11 2010: DEBUG: Radius::AuthLDAP2 REJECT: Bad Encrypted password: chris at fdu.edu [chris at fdu.edu]
Fri Feb 19 13:56:11 2010: INFO: Connecting to 127.0.0.1, port 19389
Fri Feb 19 13:56:11 2010: INFO: Attempting to bind to LDAP server 127.0.0.1:19389
Fri Feb 19 13:56:11 2010: DEBUG: No entries for DEFAULT found in LDAP database
Fri Feb 19 13:56:11 2010: DEBUG: AuthBy LDAP2 result: REJECT, Bad Encrypted password
Fri Feb 19 13:56:11 2010: DEBUG: Timestamp is
Fri Feb 19 13:56:11 2010: INFO: Access rejected for chris at fdu.edu: Bad Encrypted password
Fri Feb 19 13:56:11 2010: DEBUG: Packet dump:
*** Sending to 127.0.0.1 port 44091 ....
-Chris
Hugh Irvine wrote:
> Hello Chris -
>
> The Timestamp is an integer number of seconds and you have defined it in your database as a string.
>
> If you want a string you should use one of the special characters and call format_special on it.
>
> Here is an example:
>
>
> Radiator-4.6 hugh$ less timestamp.pl
>
> # -*- mode: Perl -*-
> #
> # Author: Hugh Irvine (hugh at open.com.au)
> # Copyright (C) 2010 Open System Consultants
> #
>
> sub
> {
> my $p = ${$_[0]};
>
> my $timestamp = &Radius::Util::format_special('%F', $p);
>
> &main::log($main::LOG_DEBUG, "Timestamp is $timestamp");
>
> return;
> }
>
>
> See section 5.2 in the Radiator 4.6 reference manual ("doc/ref.pdf") or the code in "Radius/Util.pm".
>
> regards
>
> Hugh
>
>
> On 19 Feb 2010, at 08:23, Chris Bland wrote:
>
>
>> Hi guys,
>>
>> I have what seems like it should be trivial but has been driving me nuts
>> for more than a day. I wrote a postauthhook to categorize users within
>> a realm and create log entries in separate database tables. Everything
>> works fine except for getting the Timestamp. My code includes the
>> following:
>>
>> my $p = ${$_[0]};
>> my $rp = ${$_[1]};
>> my $result = ${$_[2]};
>> my $reason = ${$_[3]};
>>
>> my $timestamp = $p->get_attr('Timestamp');
>>
>> then I execute the following sql statement
>>
>> insert into $authlog (TIME_STAMP,USERNAME,TYPE,REASON) values
>> ('$timestamp','$username',$reqtype,'$reason')";
>>
>> When I look in my db logs I see
>>
>> insert into iauthlog (TIME_STAMP,USERNAME,TYPE,REASON) values
>> ('','chris at fdu.edu',1,'')
>>
>> My table is constructed like this
>> +------------+-------------+------+-----+---------+-------+
>> | Field | Type | Null | Key | Default | Extra |
>> +------------+-------------+------+-----+---------+-------+
>> | USERNAME | varchar(50) | YES | | NULL | |
>> | TIME_STAMP | varchar(50) | YES | | NULL | |
>> | TYPE | int(1) | YES | | NULL | |
>> | REASON | varchar(50) | YES | | NULL | |
>> | IPADD | varchar(20) | YES | | NULL | |
>> +------------+-------------+------+-----+---------+-------+
>>
>> I keep losing the Timestamp. I have tried to pull time from both the
>> reply packet as well as the current request but neither works. We are
>> running version Radiator-3.14-1 on a RHEL4 server.
>>
>> Any help is appreciated,
>>
>> -Chris
>>
>
>
>
> NB:
>
> Have you read the reference manual ("doc/ref.html")?
> Have you searched the mailing list archive (www.open.com.au/archives/radiator)?
> Have you had a quick look on Google (www.google.com)?
> Have you included a copy of your configuration file (no secrets),
> together with a trace 4 debug showing what is happening?
>
>
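
The hook discussed in this thread builds its insert by interpolating User-Name and the reject reason into the SQL string, and both come from the request. As an added example (not code from either poster or from Radiator), here is a PostAuthHook file that binds those values as placeholders and falls back to the current time when Timestamp is empty, as it is in the Access-Request trace above. Assumptions: the realm-to-table map, the 'other_authlog' table and the REPLACE_ME password are illustrative; the DSN, user and column names are those shown in the posts.

```perl
# Added example (not from the thread): PostAuthHook file for Radiator.
sub
{
    use strict;
    use DBI;

    my $p      = ${$_[0]};    # request packet
    my $result = ${$_[2]};    # handler result code
    my $reason = ${$_[3]};    # reject reason, may be undef

    # Table names cannot be bound as placeholders, so they come from a fixed
    # map and never from request data. Realm keys and 'other_authlog' are
    # assumptions; 'iauthlog' is the table seen in the post.
    my %table_for     = ('fdu.edu' => 'iauthlog');
    my $default_table = 'other_authlog';

    # User-Name arrives in the request and is chosen by the client.
    my $username = $p->get_attr('User-Name');
    return unless defined $username && length $username;
    my ($realm) = $username =~ /\@([^\@]+)\z/;
    my $table = (defined $realm && $table_for{lc $realm}) || $default_table;

    # The trace shows Timestamp empty on Access-Request: fall back to the
    # current epoch time and accept only digits.
    my $timestamp = $p->get_attr('Timestamp');
    $timestamp = time() unless defined $timestamp && $timestamp =~ /\A\d+\z/;

    # DSN and user are from the posted config; the password is a placeholder.
    my $dbh = DBI->connect_cached('dbi:mysql:radius_db:localhost', 'dbuser',
        'REPLACE_ME', { RaiseError => 0, PrintError => 0 });
    unless ($dbh) {
        &main::log($main::LOG_ERR, "authlog connect failed: $DBI::errstr");
        return;
    }

    # Placeholders keep quotes in User-Name or the reason out of the SQL text.
    my $sth = $dbh->prepare_cached(
        "insert into $table (TIME_STAMP,USERNAME,TYPE,REASON) values (?,?,?,?)");
    my $ok = $sth && $sth->execute(
        $timestamp,
        substr($username, 0, 50),                       # varchar(50)
        ($result == $main::ACCEPT ? 1 : 0),
        substr(defined $reason ? $reason : '', 0, 50),  # varchar(50)
    );
    &main::log($main::LOG_ERR, 'authlog insert failed: ' . $dbh->errstr)
        unless $ok;

    return;
}
```

The two substr() calls match the varchar(50) columns in the table definition quoted above, so an overlong User-Name is truncated by the hook rather than left to the database's mode settings.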