[RADIATOR] Custom Error Logging to RADAUTHLOG

ronald higgins ronald.higgins at gmail.com
Tue Jan 7 10:47:10 CST 2014


Thanks Heikki,

Appreciate the assist, now that it's differentiated I can make it more user
friendly with a stored proc or job.

;)


On Tue, Jan 7, 2014 at 2:52 PM, Heikki Vatiainen <hvn at open.com.au> wrote:

> On 01/07/2014 11:17 AM, ronald higgins wrote:
> > Hi All,
>
> > I've got a AuthSelect that checks if an account is active on our CMDB
> > but when the check fails (inactive user result) what get's logged to
> > RADAUTHLOG is "no such user" which is a little misleading for the
> > support staff.
> >
> > Is there a way to write something more descriptive for this check to
> > RADAUTHLOG such as "account inactive" ? Perhaps a different AuthLog
> > called from this AuthBy?
>
> I'd change the AuthSelect so that it only does a lookup based on the
> username, or subscriber_id in your case. Now it also does authorization
> (enabled='1'). Something like this:
>
> <Hander ...>
>   AddToRequest X-Enabled=1
>   <AuthBy SQL>
>      ...
>     AuthSelect select status from subscribers where subscriber_id='%n'
>
>     AuthColumnDef 0, X-Enabled, check
>     </AuthBy>
> </Handler>
>
> If there is no subscriber, you will get 'No such user' which is correct.
> If the account is not enabled, you will get a complaint about X-Enabled
> not matching the expected value. In other words, the lookup is just for
> fetching the information (if any) and the AuthColumnDef(s) do the
> authorization checks.
>
> Thanks,
> Heikki
>
> > Current AuthBy:
> >
> > <AuthBy SQL>
> >
> >         Identifier Auth_Acct_Status
> >
> >                 NoDefault
> >                 DBSource    dbi:mysql:[dbname]:[hostname]:3306
> >                 DBUsername  ****
> >                 DBAuth      ****
> >
> >                 FailureBackoffTime 10
> >
> >                 AuthSelect select status from subscribers where
> > subscriber_id='%n' and enabled='1';
> >
> > </AuthBy>
>
>
> --
> Heikki Vatiainen <hvn at open.com.au>
>
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
> DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
> NetWare etc.
> _______________________________________________
> radiator mailing list
> radiator at open.com.au
> http://www.open.com.au/mailman/listinfo/radiator
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://www.open.com.au/pipermail/radiator/attachments/20140107/5ab3bc8a/attachment.html 


More information about the radiator mailing list