[RADIATOR] Feature request of sort: client, nas and proxy IP for Blacklisted users ?

Patrik Forsberg patrik.forsberg at ip-only.se
Tue Mar 28 11:45:35 UTC 2017


Hello Tuure,

Works like a charm... thanks a lot!
Never even considered AuthLog... my bad :|

Regards,
Patrik Forsberg


> -----Original Message-----
> From: Tuure Vartiainen [mailto:vartiait at open.com.au]
> Sent: den 28 mars 2017 12:15
> To: Patrik Forsberg <patrik.forsberg at ip-only.se>
> Cc: radiator at lists.open.com.au
> Subject: Re: [RADIATOR] Feature request of sort: client, nas and proxy IP for Blacklisted users ?
> 
> Hello,
> 
> > On 27 Mar 2017, at 15:02, Patrik Forsberg <patrik.forsberg at ip-only.se> wrote:
> >
> > I am using the Blacklist feature to block the most commonly used "bad"
> > users so they won't even get into the password routine, but figuring
> > out from which router/NAS the login attempt was made is a hassle today,
> > since it means raising the trace level and filtering through the debug log.
> > Would it be possible to add the NAS IP, Client IP and possibly the Proxy IP
> > (if one was used) to the log message?
> > "Access rejected for 888888: Blacklisted" is sort of anonymous...
> >
> 
> you can define the FailureFormat configuration option for AuthLog, where you
> can include the variables you want.
> 
> https://www.open.com.au/radiator/ref/SpecialCharacters.html#SpecialCharacters
> 
> Example config
> 
> # AuthLog FILE
> <AuthLog FILE>
>     Identifier My-AuthLog-File
> 
>     # Log accepts
>     LogSuccess 1
>     # Log format for accept
>     SuccessFormat %l ACCEPT user=%u from=%c nas=%N client=%{Request:Calling-Station-Id}
> 
>     # Log failures
>     LogFailure 1
>     # Log format for failures
>     FailureFormat %l REJECT user=%u from=%c nas=%N client=%{Request:Calling-Station-Id}
> 
>     # Auth log file
>     Filename %L/auth-%Y-%m-%d.log
> </AuthLog>
> 
> # Default Handler
> <Handler>
>     Identifier My-Default-Handler
> 
>     # Blacklist
>     AuthBy AuthBy-Blacklist
> 
>     # Actual authentication
>     AuthBy ...
> 
>     # AuthLog to be used
>     AuthLog My-AuthLog-File
> </Handler>
> 
> 
> Logging the RADIUS proxy that was used requires ReplyHook and NoReplyHook to
> include the proxy's address in the request or reply.
> 
> https://www.open.com.au/radiator/ref/ReplyHook.html#ReplyHook
> https://www.open.com.au/radiator/ref/NoReplyHook.html#NoReplyHook
> 
> 
> Example for AuthBy RADIUS
> 
> # Record the address the request was forwarded to in the original request,
> # both when the proxy replied and when it did not
> ReplyHook sub { ${$_[2]}->add_attr('OSC-Last-Proxy-Address', (Radius::Util::unpack_sockaddr_in(${$_[3]}->{SendTo}))[1] ); }
> NoReplyHook sub { ${$_[0]}->add_attr('OSC-Last-Proxy-Address', (Radius::Util::unpack_sockaddr_in(${$_[1]}->{SendTo}))[1] ); }
> 
> and then you can use %{Request:OSC-Last-Proxy-Address} in AuthLog’s
> SuccessFormat and FailureFormat directives.
> 
> 
> Logging a failure for a proxied request which was never replied to requires
> Radiator 4.17, which includes the NoReplyReject config option
> 
> https://www.open.com.au/radiator/ref/NoReplyReject_AuthByRADIUS.html#NoReplyReject_AuthByRADIUS
> 
> 
> BR
> --
> Tuure Vartiainen <vartiait at open.com.au>
> 
> Radiator: the most portable, flexible and configurable RADIUS server
> anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
> Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
> TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
> DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
> NetWare etc.
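
Once the AuthLog formats above are in place, the question of "which NAS is trying the blacklisted names" becomes a log-parsing job rather than a trace-level hunt. The following is an added example, not code from this thread or from Radiator: it parses lines in the exact layout the posted SuccessFormat/FailureFormat produce and tallies, per blacklisted user, the (source address, NAS-IP-Address) pairs the rejects came from. The sample lines are constructed, and the timestamp layout assumed for %l is Radiator's local-time string; the one caveat worth keeping in mind is that %N is the NAS-IP-Address attribute the NAS itself puts in the packet, while %c is the address the packet actually arrived from, so when the two disagree (an upstream proxy, or a NAS reporting an address it does not send from) treat %c as the authoritative origin.

```python
import re
from collections import Counter, defaultdict

# Constructed sample auth log (not real data) in the layout produced by the
# SuccessFormat/FailureFormat lines from the thread:
#   %l ACCEPT|REJECT user=%u from=%c nas=%N client=%{Request:Calling-Station-Id}
# %l is assumed to be Radiator's local timestamp, %c the address the request
# arrived from, %N the NAS-IP-Address attribute. Addresses are RFC 5737 ranges.
SAMPLE_AUTHLOG = """\
Tue Mar 28 12:15:01 2017 REJECT user=888888 from=192.0.2.10 nas=192.0.2.10 client=00-11-22-33-44-55
Tue Mar 28 12:15:02 2017 ACCEPT user=alice from=192.0.2.10 nas=192.0.2.10 client=00-11-22-33-44-66
Tue Mar 28 12:15:03 2017 REJECT user=888888 from=198.51.100.7 nas=203.0.113.5 client=
Tue Mar 28 12:15:04 2017 REJECT user=admin from=198.51.100.7 nas=203.0.113.5 client=00-11-22-33-44-77
Tue Mar 28 12:15:05 2017 REJECT user=888888 from=198.51.100.7 nas=203.0.113.5 client=00-11-22-33-44-88
garbage line that does not match the format
"""

# Timestamp is matched lazily up to the first " ACCEPT " / " REJECT ".
# client= may legitimately be empty when the NAS sent no Calling-Station-Id.
LINE_RE = re.compile(
    r"^(?P<ts>.+?) (?P<result>ACCEPT|REJECT) "
    r"user=(?P<user>\S*) from=(?P<src>\S*) nas=(?P<nas>\S*) client=(?P<client>\S*)$"
)


def parse_authlog(text):
    """Parse auth-log lines into dicts; lines that do not match the format are skipped."""
    entries = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if m:
            entries.append(m.groupdict())
    return entries


def reject_sources(entries, users=None):
    """Map each rejected user to a Counter of (source address, NAS-IP-Address) pairs.

    `users` restricts the output to a set of usernames, e.g. the blacklist."""
    out = defaultdict(Counter)
    for e in entries:
        if e["result"] != "REJECT":
            continue
        if users is not None and e["user"] not in users:
            continue
        out[e["user"]][(e["src"], e["nas"])] += 1
    return dict(out)


def relayed_entries(entries):
    """Entries whose packet source differs from the NAS-IP-Address they carry.

    This happens when a proxy sits in front of Radiator, but also when a NAS
    reports a NAS-IP-Address that is not the address it sends from, so %c
    (the src field) is the one to trust for "where did this come from"."""
    return [e for e in entries if e["nas"] and e["src"] != e["nas"]]


def top_nas(entries, n=3):
    """Most frequent NAS-IP-Address values among rejects."""
    c = Counter(e["nas"] for e in entries if e["result"] == "REJECT")
    return c.most_common(n)


if __name__ == "__main__":
    ents = parse_authlog(SAMPLE_AUTHLOG)
    # "888888" stands in for the blacklisted usernames from the thread.
    for user, srcs in reject_sources(ents, users={"888888"}).items():
        for (src, nas), count in srcs.most_common():
            print(f"{user}: {count} reject(s) from {src} (NAS-IP-Address {nas})")
    print("entries where source != NAS-IP-Address:", len(relayed_entries(ents)))
    print("top NAS by rejects:", top_nas(ents))
```

Run it against the real file named in the AuthLog's Filename directive (one file per day with the %Y-%m-%d pattern shown above) by reading that file into parse_authlog instead of the constructed sample. If the OSC-Last-Proxy-Address hook from the thread is in use, extend the format string and the regex with one more field in the same way.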