[RADIATOR] Adding vendor identifier from sql/file ?
Hugh Irvine
hugh at open.com.au
Tue Feb 21 08:45:27 UTC 2017
Hello Patrik -
Nice to hear from you btw…
If you already have the IP addresses and the corresponding device type to be used as the Identifier in an SQL database, it would be trivial to generate the list of Client devices with a ClientListSQL statement to instantiate them at run time.
See section 5.10 in the Radiator 4.16 reference manual (“doc/ref.pdf”).
And yes the Identifier is available for both RADIUS and TACACS (you should do some tests though of course).
See the corresponding sections in the manual.
Otherwise, yes there is a PreClientHook, and a ClientHook. Note that a global ClientHook will be run by all Client’s.
cheers
Hugh
> On 21 Feb 2017, at 19:03, Patrik Forsberg <patrik.forsberg at ip-only.se> wrote:
>
> Hi,
>
> Then I'd need to add a client clause for a couple of thousand devices and their respective secret instead of the current setup where most use "default" and only a couple of exceptions. I'm guessing it would be quicker to use "default" for most and add an extra step that just inject a identification of some kind ? I could be wrong ofc!
> I'm already using sql for "exception" clients so if that is "quick enough" then I guess then implementation is pretty straightforward .. but is the client identifier transferred even when a tacacs client is connecting or only for radius requests ?
>
> Regards,
> Patrik Forsberg
>
>> -----Original Message-----
>> From: Hugh Irvine [mailto:hugh at open.com.au]
>> Sent: den 20 februari 2017 23:31
>> To: Patrik Forsberg <patrik.forsberg at ip-only.se>
>> Cc: radiator at lists.open.com.au
>> Subject: Re: [RADIATOR] Adding vendor identifier from sql/file ?
>>
>>
>> Hi Patrik -
>>
>> Why would you not just use an Identifier in the Client clauses?
>>
>> cheers
>>
>> Hugh
>>
>>
>>> On 21 Feb 2017, at 02:53, Patrik Forsberg <patrik.forsberg at ip-only.se>
>> wrote:
>>>
>>> Hello,
>>>
>>> Is there a "simple" way to add an attribute to Tacacs/Radius requests from
>> a sql/file containing for example <ip> and <identifier> ?
>>> Say for example
>>> ip = 192.0.2.1
>>> vendor = Extreme
>>>
>>> ?
>>>
>>> Preferably without modifying the client clause .. perhaps a pre/post-client
>> hook or something ? important is that it has to be working for both tacacs and
>> radius .. so I can use it as handler trigger..
>>>
>>> Regards,
>>> Patrik Forsberg
>>>
>>>
>>>
>>> _______________________________________________
>>> radiator mailing list
>>> radiator at lists.open.com.au
>>> http://lists.open.com.au/mailman/listinfo/radiator
>>
>>
>> --
>>
>> Hugh Irvine
>> hugh at open.com.au
>>
>> Radiator: the most portable, flexible and configurable RADIUS server
>> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
>> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
>> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
>> DIAMETER, SIM, etc.
>> Full source on Unix, Linux, Windows, MacOSX, Solaris, VMS, NetWare etc.
>
--
Hugh Irvine
hugh at open.com.au
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER, SIM, etc.
Full source on Unix, Linux, Windows, MacOSX, Solaris, VMS, NetWare etc.
More information about the radiator
mailing list