[RADIATOR] Feature request of sort: client, nas and proxy IP for Blacklisted users ?
Tuure Vartiainen
vartiait at open.com.au
Tue Mar 28 10:15:20 UTC 2017
Hello,
> On 27 Mar 2017, at 15:02, Patrik Forsberg <patrik.forsberg at ip-only.se> wrote:
>
> I am using the Blacklist feature to block the most commonly used "bad" users so they won't even get into the password routine, but trying to figure out from which router/NAS the login attempt was done is a hassle today, having to up the trace and filter through the debug log. Would it be possible to add the NAS IP, Client IP and possibly the Proxy IP (if one was used) to the log message?
> "Access rejected for 888888: Blacklisted" is sort of anonymous ..
>
You can define the FailureFormat configuration option for AuthLog, where you can include the wanted variables.
https://www.open.com.au/radiator/ref/SpecialCharacters.html#SpecialCharacters
Example config:

# AuthLog FILE
<AuthLog FILE>
        Identifier My-AuthLog-File
        # Log accepts
        LogSuccess 1
        # Log format for accept
        SuccessFormat %l ACCEPT user=%u from=%c nas=%N client=%{Request:Calling-Station-Id}
        # Log failures
        LogFailure 1
        # Log format for failures
        FailureFormat %l REJECT user=%u from=%c nas=%N client=%{Request:Calling-Station-Id}
        # Auth log file
        Filename %L/auth-%Y-%m-%d.log
</AuthLog>

# Default Handler
<Handler>
        Identifier My-Default-Handler
        # Blacklist
        AuthBy AuthBy-Blacklist
        # Actual authentication
        AuthBy ...
        # AuthLog to be used
        AuthLog My-AuthLog-File
</Handler>
Logging the RADIUS proxy that was used requires ReplyHook and NoReplyHook to include the proxy's
address in the request or reply.
https://www.open.com.au/radiator/ref/ReplyHook.html#ReplyHook
https://www.open.com.au/radiator/ref/NoReplyHook.html#NoReplyHook
Example for AuthBy RADIUS:
ReplyHook sub { ${$_[2]}->add_attr('OSC-Last-Proxy-Address', (Radius::Util::unpack_sockaddr_in(${$_[3]}->{SendTo}))[1] ); }
NoReplyHook sub { ${$_[0]}->add_attr('OSC-Last-Proxy-Address', (Radius::Util::unpack_sockaddr_in(${$_[1]}->{SendTo}))[1] ); }
and then you can use %{Request:OSC-Last-Proxy-Address} in AuthLog’s SuccessFormat and FailureFormat directives.
Logging a failure for a proxied request which was never replied to requires Radiator 4.17, which includes the NoReplyReject config option:
https://www.open.com.au/radiator/ref/NoReplyReject_AuthByRADIUS.html#NoReplyReject_AuthByRADIUS
BR
--
Tuure Vartiainen <vartiait at open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
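Once the FailureFormat above is in place, the rejects land in a flat text file, and the question from the original post ("from which NAS did the attempt come?") becomes a log-parsing task. The following script is an added example, not part of this thread or of Radiator. It assumes the exact SuccessFormat/FailureFormat from the reply (optionally followed by proxy=%{Request:OSC-Last-Proxy-Address}), assumes %l renders as a ctime-style timestamp, and uses constructed sample lines. It parses each line into fields, counts REJECTs per NAS, per client address (%c) and per proxy, and lists which client addresses exceed a threshold.

```python
"""Summarise Radiator AuthLog REJECT lines by NAS, client address and proxy.

Added example, not part of the mailing-list post or of Radiator itself. It
assumes the AuthLog FailureFormat from the reply:
    %l REJECT user=%u from=%c nas=%N client=%{Request:Calling-Station-Id}
optionally followed by proxy=%{Request:OSC-Last-Proxy-Address}. The timestamp
layout (%l as ctime-style text) and the sample lines are constructed.
"""
import re
from collections import Counter, defaultdict

# Constructed sample lines in the assumed format (not real log data).
SAMPLE_LOG = """\
Tue Mar 28 10:15:20 2017 REJECT user=888888 from=192.0.2.10 nas=192.0.2.10 client=00-11-22-33-44-55
Tue Mar 28 10:15:21 2017 REJECT user=888888 from=192.0.2.10 nas=192.0.2.10 client=00-11-22-33-44-55
Tue Mar 28 10:15:22 2017 ACCEPT user=alice from=192.0.2.20 nas=192.0.2.20 client=66-77-88-99-AA-BB
Tue Mar 28 10:15:23 2017 REJECT user=admin from=198.51.100.5 nas=203.0.113.7 client= proxy=198.51.100.5
Tue Mar 28 10:15:24 2017 REJECT user=888888 from=198.51.100.5 nas=203.0.113.8 client=
"""

# Timestamp is everything before the verdict; the rest is key=value fields.
LINE_RE = re.compile(r"^(?P<ts>.+?) (?P<verdict>ACCEPT|REJECT) (?P<fields>.*)$")
# Fields are space separated; an empty value such as "client=" is allowed.
FIELD_RE = re.compile(r"(\w+)=(\S*)")


def parse_line(line):
    """Return a dict for one auth log line, or None if it does not match."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    rec = {"ts": m.group("ts"), "verdict": m.group("verdict")}
    rec.update(FIELD_RE.findall(m.group("fields")))
    return rec


def summarise_rejects(text):
    """Count REJECT lines per NAS, per client address (%c) and per proxy."""
    by_nas = Counter()
    by_from = Counter()
    by_proxy = Counter()
    users = defaultdict(set)  # nas -> set of rejected user names seen there
    for line in text.splitlines():
        rec = parse_line(line)
        if rec is None or rec["verdict"] != "REJECT":
            continue
        nas = rec.get("nas", "")
        by_nas[nas] += 1
        by_from[rec.get("from", "")] += 1
        if rec.get("proxy"):  # only present when the hooks added the attribute
            by_proxy[rec["proxy"]] += 1
        users[nas].add(rec.get("user", ""))
    return {"by_nas": by_nas, "by_from": by_from, "by_proxy": by_proxy, "users": users}


def noisy_sources(summary, threshold=2):
    """Return client addresses whose REJECT count reaches the threshold."""
    return sorted(a for a, n in summary["by_from"].items() if n >= threshold)


if __name__ == "__main__":
    s = summarise_rejects(SAMPLE_LOG)
    for nas, n in s["by_nas"].most_common():
        print(f"nas={nas} rejects={n} users={sorted(s['users'][nas])}")
    print("proxies seen on rejects:", dict(s["by_proxy"]))
    print("noisy client addresses:", noisy_sources(s))
```

On the constructed input the script attributes two rejects for user 888888 to NAS 192.0.2.10 and two more to NASes behind the proxy 198.51.100.5, which is the per-NAS view the original question asked for without raising the trace level. The empty client= value shows why the field regex must accept an empty string: Calling-Station-Id is not always present in the request.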