[RADIATOR] AddToReply with condition

Heikki Vatiainen hvn at open.com.au
Tue Apr 9 22:30:51 CDT 2013


On 04/09/2013 08:49 PM, Nuno Marques wrote:

> After good authentication I want to check if the user exists in a DB
> (BlackList) and, if yes, put him in a specific VLAN. Made some research
> and the <Handler , , , > seemed to be the solution but it doesn’t
> support attributes that are queries to DB, am I correct? Can you aid me
> on this? Thanks in advance.

Try this: create AuthBy GROUP with Identifier BlackList. The group would
have two AuthBys and AuthByPolicy ContinueUntilAccept.

The first AuthBy is AuthBy SQL with AuthSelect that does lookup in SQL
and has AddToReply with the VLAN attributes. In other words, this AuthBy
adds the attributes if there's a match.

The second AuthBy is of type INTERNAL. It should ACCEPT all requests
since the policy will evaluate it only when there was no match in the
blacklist SQL.

The outcome from the GROUP is an accept from the first or the second
AuthBy depending on if the user was blacklisted or not.

Please let us know how it goes.

Thanks,
Heikki



> <Handler Realm=/^ubi.pt$/i>
>     AuthByPolicy ContinueAlways
>     AuthBy SQLAccounting
>     AuthBy PEAP_IAS
>     *AuthBy BlackList*
>     AuthLog localusers
> </Handler>
>
> <Authby SQL>
>     Identifier BlackList
>     DBSource dbi:mysql:BLACKLIST
>     DBUsername xxx
>     DBAuth xxx
>     Timeout 600
>     SQLRetries 4
>     FailureBackoffTime 10
>
>     *If (AuthSelect SELECT username from BLACKLIST where username=%0) != NULL then*
>
>     AddToReply Tunnel-Type=1:VLAN,Tunnel-Medium-Type=1:Ether_802,Tunnel-Private-Group-ID=3002
> </AuthBy>


-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
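
Added example, not part of the original thread and not the poster's own configuration: one way to write the AuthBy GROUP described in the reply, so that the Handler's existing "AuthBy BlackList" line refers to the group. Assumptions: the BLACKLIST table and VLAN 3002 from the question, placeholder credentials, and AuthColumnDef used to return the VLAN ID as a reply attribute so that column 0 is not treated as a password (the reply does not specify this detail).

```conf
# Added example. Table, VLAN ID and xxx credentials are taken from the
# question; the AuthColumnDef mapping is an assumption of this example.
<AuthBy GROUP>
    Identifier BlackList
    # Stop at the first inner AuthBy that accepts
    AuthByPolicy ContinueUntilAccept

    # 1) Blacklist lookup: a returned row means the user is blacklisted
    <AuthBy SQL>
        DBSource   dbi:mysql:BLACKLIST
        DBUsername xxx
        DBAuth     xxx
        Timeout    600
        SQLRetries 4
        FailureBackoffTime 10

        # %0 is the user name, quoted by Radiator for use in SQL
        AuthSelect select 3002 from BLACKLIST where username=%0
        # Without AuthColumnDef, column 0 would be compared as the password.
        # Here it becomes the VLAN ID in the reply instead.
        AuthColumnDef 0, Tunnel-Private-Group-ID, reply
        # Do not fall back to a DEFAULT user when there is no row
        NoDefault
        # Remaining VLAN attributes, added only when this AuthBy accepts
        AddToReply Tunnel-Type=1:VLAN,Tunnel-Medium-Type=1:Ether_802
    </AuthBy>

    # 2) Not blacklisted: accept with no extra reply attributes
    <AuthBy INTERNAL>
        DefaultResult ACCEPT
    </AuthBy>
</AuthBy>
```

This group accepts every request it sees, so it must only be reached after the real authentication AuthBy has accepted. If the blacklist database is unreachable, the policy falls through to the INTERNAL clause and the user is accepted without the VLAN, so monitor SQL failures in the Radiator log.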

