[RADIATOR] Custom Error Logging to RADAUTHLOG
Heikki Vatiainen
hvn at open.com.au
Tue Jan 7 06:52:48 CST 2014
On 01/07/2014 11:17 AM, ronald higgins wrote:
> Hi All,
> I've got an AuthSelect that checks if an account is active on our CMDB
> but when the check fails (inactive user result) what gets logged to
> RADAUTHLOG is "no such user" which is a little misleading for the
> support staff.
>
> Is there a way to write something more descriptive for this check to
> RADAUTHLOG such as "account inactive"? Perhaps a different AuthLog
> called from this AuthBy?
I'd change the AuthSelect so that it only does a lookup based on the
username, or subscriber_id in your case. Now it also does authorization
(enabled='1'). Something like this:
<Handler ...>
    AddToRequest X-Enabled=1
    <AuthBy SQL>
        ...
        AuthSelect select status from subscribers where subscriber_id='%n'
        AuthColumnDef 0, X-Enabled, check
    </AuthBy>
</Handler>
If there is no subscriber, you will get 'No such user' which is correct.
If the account is not enabled, you will get a complaint about X-Enabled
not matching the expected value. In other words, the lookup is just for
fetching the information (if any) and the AuthColumnDef(s) do the
authorization checks.
Thanks,
Heikki
> Current AuthBy:
>
> <AuthBy SQL>
>
> Identifier Auth_Acct_Status
>
> NoDefault
> DBSource dbi:mysql:[dbname]:[hostname]:3306
> DBUsername ****
> DBAuth ****
>
> FailureBackoffTime 10
>
> AuthSelect select status from subscribers where
> subscriber_id='%n' and enabled='1';
>
> </AuthBy>
--
Heikki Vatiainen <hvn at open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
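
The difference between the two query designs discussed in this message, as an added example that is not part of the original post and is not Radiator code. It uses an in-memory SQLite table with constructed rows; the function names, the "account inactive" wording and the choice to fetch the enabled column are assumptions made for illustration.

```python
import sqlite3

# Constructed sample data; table and column names follow the thread's query.
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("create table subscribers "
               "(subscriber_id text primary key, status text, enabled text)")
    db.executemany("insert into subscribers values (?, ?, ?)",
                   [("alice", "gold", "1"), ("bob", "gold", "0")])
    return db

def combined_check(db, user):
    """Lookup and authorization in one WHERE clause, as in the quoted AuthBy."""
    row = db.execute(
        "select status from subscribers where subscriber_id=? and enabled='1'",
        (user,)).fetchone()  # bound parameter stands in for %n
    # A disabled account and a missing account both return zero rows,
    # so the only reason that can be logged is "No such user".
    return ("ACCEPT", "ok") if row else ("REJECT", "No such user")

def split_check(db, user, expected_enabled="1"):
    """Lookup by identity only, then compare the fetched attribute."""
    row = db.execute(
        "select enabled from subscribers where subscriber_id=?",
        (user,)).fetchone()
    if row is None:
        return ("REJECT", "No such user")
    if row[0] != expected_enabled:
        # The check item failed, so the log can name the real reason.
        return ("REJECT", "account inactive (enabled=%r, expected %r)"
                % (row[0], expected_enabled))
    return ("ACCEPT", "ok")

if __name__ == "__main__":
    db = make_db()
    for user in ("alice", "bob", "carol"):
        print(user, combined_check(db, user), split_check(db, user))
```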