[RADIATOR] Copying OSC-Client-Identifier to Client-Identifier
Hugh Irvine
hugh at open.com.au
Thu Dec 21 05:51:01 UTC 2017
Hello Vangelis -
As Tuure shows, his way is much preferable - you really shouldn’t change the Identifier in the Client clause.
Just use the OSC-Client-Identifier in your Handler’s.
regards
Hugh
> On 21 Dec 2017, at 00:05, Vangelis Kyriakakis <vkyriak at forthnet.gr> wrote:
>
> Hi Tuure,
>
> Thanks for the answer.
> Actually I have a configuration where a RADIUS server receives some
> requests directly from the clients and some other requests through a
> proxy RADIUS server from the same clients.
> So, at the proxy server I have some Client clauses which categorize
> the clients using different Client-Identifiers which are passed to the
> final RADIUS server through the OSC-Client-Identifier attribute.
> The final RADIUS server has the same Client clauses, plus a clause
> for the proxy RADIUS server in which I copy the OSC-Client-Identifier to
> Client-Identifier (using a PreHandlerHook), in order to be able to pass
> the requests through the same handlers which use the Client-Identifier
> as a check item:
>
>
> <Client ...>
> # Proxy server as client
> PreHandlerHook file:"%D/ProxyClient.pl"
> </Client>
>
> ProxyClient.pl:
> sub
> {
> my $p = ${$_[0]};
> my $client = $p->get_attr('OSC-Client-Identifier');
> $p->{Client}->{Identifier}=$client;
> }
>
> <Client ...>
> Identifier Client1
> </Client>
>
> <Handler Client-Identifier=Client1>
> ....
> </Handler>
>
> So I want requests that follow the paths
>
> Client1->Final RADIUS
>
> OR
>
> Client1->proxy RADIUS->Final RADIUS
>
> to be handled by the above Handler.
>
> Is this a safe solution?
>
> Regards
> Vangelis
> On 20/12/2017 1:35 μμ, Tuure Vartiainen wrote:
>> Hi,
>>
>>> On 20 Dec 2017, at 8.27, Vangelis Kyriakakis <vkyriak at forthnet.gr> wrote:
>>>
>>> Is there a way to copy OSC-Client-Identifier which comes from a proxy
>>> RADIATOR server to Client-Identifier using a PrehandlerHook at the final
>>> RADIATOR server.
>>>
>> Client-Identifier is Radius::Client object’s Identifier attribute’s value,
>> and is accessible through Radius::Radius request object in a following way
>>
>> $p->{Client}->{Identifier}
>>
>> You should not assign a value to it as $p->{Client} is a reference to
>> Radius::Client object from which the request was received and it would
>> overwrite that Client’s Identifier’s value.
>>
>> If you wan’t to unify usage of OSC-Client-Identifier attribute
>> and local Client-Identifier, you could add Client’s Identifier to
>> OSC-Client-Identifier attribute if the request does not have one.
>>
>> E.g.
>>
>> <Client ...>
>> Identifier SomeClient
>>
>> ...
>>
>> # Add Client’s Identifier to OSC-Client-Identifier
>> # if a request does not have one
>> AddToRequestIfNotExist OSC-Client-Identifier=%{Client:Identifier}
>> </Client>
>>
>> ...
>>
>> <Handler OSC-Client-Identifier=SomeClient>
>> ...
>> </Handler>
>>
>>
>> BR
>
> _______________________________________________
> radiator mailing list
> radiator at lists.open.com.au
> http://lists.open.com.au/mailman/listinfo/radiator
--
Hugh Irvine
hugh at open.com.au
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER, SIM, etc.
Full source on Unix, Linux, Windows, MacOSX, Solaris, VMS, NetWare etc.
More information about the radiator
mailing list