[RADIATOR] Dynamic client identifier
Heikki Vatiainen
hvn at open.com.au
Wed Jan 2 16:02:47 UTC 2019
On 27/12/2018 21.49, Eric W. Bates wrote:
> # nagios tests
> <Client netnagios-255>
> Identifier Phred
> Secret nagiosfoobar
> ClientHook sub { \
> ${$_[0]}->set_identifier('Nagios-'. \
> ${$_[0]}->get_attr('Called-Station-Id')); \
> }
> </Client>
This does not work because it changes the Radius message's identity field.
Client-Identifier in Handler refers to the Identifier of the Client clause that
matched the incoming Radius message.
You could consider something like this:
<Handler Client-Identifier=myvpn>
    <AuthBy ...>
        Identifier myvpn-authby
    </AuthBy>
    AuthLog authlog-for-vpnusers
</Handler>
<Handler Client-Identifier=netnagios-255, Called-Station-Id=csi-for-vpncheck>
    AuthBy myvpn-authby
    AuthLog authlog-for-nagioscheck
</Handler>
This example allows you to have a Handler set up only for VPN use.
Nagios checks would use the same AuthBy, but would not, for example,
litter the actual VPN user authentication log.
Please let us know if this would work. There could be other ways to do
it, but I thought the above might be a good way to keep things separated
but still utilising the common configuration parts.
Thanks,
Heikki
--
Heikki Vatiainen <hvn at open.com.au>
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, TACACS+, PAM, Active Directory,
EAP, TLS, TTLS, PEAP, WiMAX, RSA, Vasco, Yubikey, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, etc.