[RADIATOR] DefaultSimultaneousUse while using AuthRADIUS

Michael ringo at vianet.ca
Tue Jan 7 11:32:46 CST 2014 

Thank you Heikki,

Took a while to get the time to upgrade, but the upgrade works and now 
shows the actual Reply-Message.  And also, the DefaultSimultaneousUse in 
the ReplyHook still works fine.


<AuthBy RADIUS>
                 .....
                 # need to do DefaultSimultaneousUse check in Reply Hook 
when using AuthBy RADIUS.
                 DefaultSimultaneousUse 1
                 ReplyHook 
file:"%D/conf/hook.ReplyHook-DefaultSimultaneousUse.pl"
</AuthBy>

ReplyHook:
sub {
     &main::log($main::LOG_DEBUG, "hook.Reply: executing.");

     my $p = ${$_[0]};   # proxy reply packet
     my $rp = ${$_[1]};  # reply packet to NAS
     my $op = ${$_[2]};  # original request packet
     my $sp = ${$_[3]};  # packet sent to proxy

     return unless $p->code eq 'Access-Accept';

     # proxied auth request passed, check DefaultSimultaneousUse
     my $limit = $sp->{ThisAuth}->{DefaultSimultaneousUse};
     &main::log($main::LOG_DEBUG, "hook.Reply: DefaultSimultaneousUse 
check of ($limit)");
     if( Radius::SessGeneric::find($op->{Handler}->{SessionDatabase} 
)->exceeded( $limit, $op->{OriginalUserName}, $op) )
     {
         $op->{RadiusResult} = $main::REJECT;
         $p->change_attr('Reply-Message', "DefaultSimultaneousUse of 
$limit exceeded");
         &main::log($main::LOG_DEBUG, "hook.Reply: 
DefaultSimultaneousUse of $limit exceeded");
     }

     &main::log($main::LOG_DEBUG, "hook.Reply: DONE");
}





On 23/12/13 04:28 PM, Heikki Vatiainen wrote:
> On 12/23/2013 07:27 PM, Michael wrote:
>
>> for a proof of concept, i can set an error message this way:
>>
>> first by changing the AuthRADIUS.pm source:
> It appears you have Radiator 4.11 or earlier. One of the changes between
> 4.11 and 4.12 is how the Reply-Message from upstream is handled:
>
> http://www.open.com.au/radiator/history.html
>
>    Altered AuthBy RADIUS and AuthBy RADSEC handleReply so that in the
>    event of an Access-Reject from a proxied request, AuthLog* can log
>    the actual Reply-Message from the reply instead of 'Proxied'.
>    Requested by David Zych.
>
> This change is similar to what your proof of concept does.
>
>> and then, i can set the error message in the ReplyHook with:
>> $p->change_attr('Reply-Message', 'DefaultSimultaneousUse error');
> With the current version this should be enough. The change made in
> AuthRADIUS.pm should take care of the rest.
>
> Thanks,
> Heikki
>

More information about the radiator mailing list