[RADIATOR] Problem with %{Reply,name}

Heikki Vatiainen hvn at open.com.au
Fri Apr 8 15:15:55 CDT 2011


On 04/08/2011 07:30 PM, frank.messie at osix.nl wrote:

Hello Frank,

> As described in my earlier mail I want to add an attribute in the reply
> message as follows
> 
>          AuthSelect select PASSWORD, USER_CATEGORY from  DSM_USER where
> DOMAIN_NAME = 'PUBLIC' AND USER_NAME = split_part (%0,E'\\', 2) AND
> ENABLED = True
>        
>         AuthColumnDef       0, User-Password, check
>         AuthColumnDef       1, Class, reply

That looks good and should work. You probably checked Radiator log and
verified that Class gets sent with Access-Accept?

> However, I don't get this Class attribute back in the accounting response.
> I would expect that every NAS (we are using Coova Chilli) would handle
> this Class attribute, but apparently it does not.

That is a very reasonable expectation. The clients should just echo back
Class with Accounting messages in effect binding the authentication
event the respective accounting session.

> Are these reply attributes NAS specific ?

No. Class is in the base RADIUS RFC. See for example this:

http://tools.ietf.org/html/rfc2865#section-5.25

> Should I use another attribute ?

You could check Coova documentation to see if they support anything
similar to Class.

If they do not, User-Name attribute should behave similarly to Class.
See for example:

http://tools.ietf.org/html/rfc2865#section-5.1

It's of course usually more useful to keep User-Name intact.

Thanks!
Heikki

-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.


More information about the radiator mailing list