[RADIATOR] Problem with %{Reply,name}
frank.messie at osix.nl
frank.messie at osix.nl
Fri Apr 8 16:11:24 CDT 2011
Hi Heikki,
I got it all working.
Class is supported by Chilli.
Thanks to your suggestion to define separate accounting handler I was able
to simplify my whole config.
I think it is now cleas and proper.
Thanks a lot.
Vriendelijke groeten, Kind regards,
Frank Messie
Bikbergerweg 18, 1272 PM Huizen, The Netherlands
Phone: +31(0)356946010
Email: frank.messie at osix.nl
The information contained in this communication is intended solely for use
by the individual or entity to
whom it is addressed. Use of this communication by others is prohibited.
If the e-mail message was sent to you by mistake, please destroy it
without
reading, using, copying or disclosing its contents to any other person.
Sender accepts no liability for damage related to data and/or documents
which
are communicated by electronic mail.
From:
Heikki Vatiainen <hvn at open.com.au>
To:
frank.messie at osix.nl
Cc:
radiator at open.com.au
Date:
08-04-2011 22:18
Subject:
Re: [RADIATOR] Problem with %{Reply,name}
On 04/08/2011 07:30 PM, frank.messie at osix.nl wrote:
Hello Frank,
> As described in my earlier mail I want to add an attribute in the reply
> message as follows
>
> AuthSelect select PASSWORD, USER_CATEGORY from DSM_USER where
> DOMAIN_NAME = 'PUBLIC' AND USER_NAME = split_part (%0,E'\\', 2) AND
> ENABLED = True
>
> AuthColumnDef 0, User-Password, check
> AuthColumnDef 1, Class, reply
That looks good and should work. You probably checked Radiator log and
verified that Class gets sent with Access-Accept?
> However, I don't get this Class attribute back in the accounting
response.
> I would expect that every NAS (we are using Coova Chilli) would handle
> this Class attribute, but apparently it does not.
That is a very reasonable expectation. The clients should just echo back
Class with Accounting messages in effect binding the authentication
event the respective accounting session.
> Are these reply attributes NAS specific ?
No. Class is in the base RADIUS RFC. See for example this:
http://tools.ietf.org/html/rfc2865#section-5.25
> Should I use another attribute ?
You could check Coova documentation to see if they support anything
similar to Class.
If they do not, User-Name attribute should behave similarly to Class.
See for example:
http://tools.ietf.org/html/rfc2865#section-5.1
It's of course usually more useful to keep User-Name intact.
Thanks!
Heikki
--
Heikki Vatiainen <hvn at open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.open.com.au/pipermail/radiator/attachments/20110408/0e28c881/attachment.html
More information about the radiator
mailing list