[RADIATOR] EAP right username in log and session table

Heikki Vatiainen hvn at open.com.au
Tue May 6 15:01:54 CDT 2014


On 05/06/2014 08:57 AM, Boon EJC wrote:

> Another attribute i can use is the Calling_Station_ID, however the
> problem seems that there is no function to actually read those
> attributes other then the getAttrByNum and that one does not work
> properly in the PreProcessingHook (ERR: Error in PreProcessingHook():
> Can't call method "getAttrByNum" on an undefined value at)

I think the problem here is that PreProcessingHook runs for
Accounting-Request messages only. These do not have outerRequest which
PEAP inner authentication does have. Please see below for more.

> I found an article
> :http://www.open.com.au/pipermail/radiator/2008-December/015237.html
> suggesting to use my $callingstationid =
> ${$p}->{outerRequest}->get_attr('Attribute_name');

I'd say this case is a bit different from yours which causes teh problem
below.

> However that result in the error ERR: Error in PreProcessingHook():
> Can't call method "get_attr" on an undefined value at

The PreProcssingHook tries to replace the anonymous User-Name in the
Accounting-Request with the real username from the inner PEAP
authentication identity. Since this there is no inner or outer request,
you should be able to use ${$p}->get_attr('Attribute_name');

> in combination with: my $callingstationid =
> $dbh->quote(${$p}->getAttrByName('Calling-Station-Id')); This seems to
> work how ever changing the Radius.pm is not the most maintainable method.

Here this should work too:
$dbh->quote(${$p}->get_attr('Calling-Station-Id'));

> Is there a proper way to do this that i missed or just did not think about?

If you take a look at goodies/eap_peap.cfg in Radiator 4.13 and the hook
itself, you need to notice how the hook detects if it is called as
PostAuthHook or PreProcessingHook. The first is for the authentication
phase where you can use ${$p}->{outerRequest}->get_attr('...') to access
RADIUS attributes from the incoming RADIUS request while inside the PEAP
inner authentication.

The second hook, PreProcessingHook, skips everything else than
accounting and has no outerRequest.

Thanks,
Heikki

-- 
Heikki Vatiainen <hvn at open.com.au>

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.


More information about the radiator mailing list