[RADIATOR] Authentication without check attributes

Heikki Vatiainen hvn at open.com.au
Thu Oct 4 13:48:49 CDT 2012


On 10/04/2012 11:47 AM, Jesús Rodríguez wrote:

> Is it possible to use a value returned in an <AuthBy SQL> AuthSelect query in a subsequent <AuthBy>?

Yes. Instead of using 'check' as the type for AuthColumnDef, use
'request'. That will put the retrieved value in the request for later
use. For the details, please see the reference manual section '5.31.11
AuthColumnDef'.

Thanks,
Heikki


> An example:
> 
> <Handler Client-Identifier=preauth,Calling-Station-Id="1234567">
> 	AuthByPolicy ContinueWhileAccept
> 	AddToRequest X-pre-auth-required-result = 1
> 	<AuthBy SQL>
> 		AuthSelect select validate_preauth('%{Calling-Station-Id}','',%0,'','','','','','','','','','',0,1,0,now())
> 		AuthColumnDef 0, X-pre-auth-required-result, check
> 	</AuthBy>
> 
> In this case, the AuthSelect would return two values. The first one is used as the check value. I would like to get the second returned value and use it in a subsequent <AuthBy> within the same <Handler> clause. Is it possible to save the second value in a variable or pseudo-attribute and use it later on?
> 
> Thanks and regards.
> 
> On 27/06/2012, at 13:21, Jesús Rodríguez <jesusr at voztele.com> wrote:
> 
>> ---------- Forwarded message ----------
>> From: Heikki Vatiainen <hvn at open.com.au>
>> Date: Sun, Jun 24, 2012 at 10:59 PM
>> Subject: Re: [RADIATOR] Authentication without check attributes
>> To: radiator at open.com.au
>>
>>
>> On 06/23/2012 04:32 PM, Jesús Rodríguez wrote:
>>
>>> To authenticate a DSL pre-authentication request, I have to use a MySQL function query (using AuthBy mysql) that returns 1 (accept) or 0 (reject), with no check attributes or other values I can use as check parameters.
>>>
>>> How can I send the Accept or Reject based on the returned 1 or 0 values?
>>
>> Try something like this:
>>
>> <Handler ...>
>>    AddToRequest  X-pre-auth-required-result = 1
>>    <AuthBy SQL>
>>        AuthSelect your-mysql-function
>>        AuthColumnDef 0, X-pre-auth-required-result, check
>>    ...
>> ...
>>
>> Here X-pre-auth-required-result is a local pseudo-attribute. You can
>> name it as you want, but the main thing is it will never come from the
>> NAS and has a fixed value you can compare against value returned from
>> MySQL function.
>>
>> Thanks,
>> Heikki
> 
> ------------------------------------
> Jesus Rodriguez
> VozTelecom Sistemas, S.L.
> jesusr at voztele.com
> http://www.voztele.com
> Tel. 902360305
> -------------------------------------
> 


-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
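
The configuration described in the reply above, as an added example that is not part of the original thread or of Radiator's own documentation: column 0 stays a check item, column 1 is copied into the request, and a later <AuthBy> reads it with %{...}. Both queries, their table and column names, and the attribute name X-pre-auth-extra are hypothetical; database connection parameters are omitted.

```conf
<Handler Client-Identifier=preauth>
	# Run the second AuthBy only if the first one accepts
	AuthByPolicy ContinueWhileAccept
	# Fixed local value that column 0 is compared against; never sent by the NAS
	AddToRequest X-pre-auth-required-result = 1

	<AuthBy SQL>
		# DBSource, DBUsername and DBAuth omitted
		# Hypothetical query returning two columns: result flag, extra value
		# AuthSelectParam binds the NAS-supplied value instead of
		# interpolating it into the SQL text
		AuthSelect select result, extra from preauth_result where station = ?
		AuthSelectParam %{Calling-Station-Id}
		# Column 0 must equal X-pre-auth-required-result (1) to accept
		AuthColumnDef 0, X-pre-auth-required-result, check
		# Column 1 is stored in the request for later AuthBy clauses
		AuthColumnDef 1, X-pre-auth-extra, request
	</AuthBy>

	<AuthBy SQL>
		# Hypothetical follow-up lookup keyed on the value saved above
		AuthSelect select profile from preauth_profiles where extra_key = ?
		AuthSelectParam %{X-pre-auth-extra}
		AuthColumnDef 0, Filter-Id, reply
	</AuthBy>
</Handler>
```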

