[RADIATOR] Dynamic client identifier
Eric W. Bates
ericx at whoi.edu
Wed Jan 2 17:01:12 UTC 2019
that looks excellent, thank you.
I will try it this afternoon.
On 1/2/2019 11:02 AM, Heikki Vatiainen wrote:
> On 27/12/2018 21.49, Eric W. Bates wrote:
>
>> # nagios tests
>> <Client netnagios-255>
>> Identifier Phred
>> Secret nagiosfoobar
>> ClientHook sub { \
>> ${$_[0]}->set_identifier('Nagios-'. \
>> ${$_[0]}->get_attr('Called-Station-Id')); \
>> }
>> </Client>
>
> This does not work because it changes Radius message's identity field.
> Client-Identifier in Hanlder refers to Identifier of Client clause that
> matched the incoming Radius message.
>
> You could consider something like this:
>
> <Handler Client-Identifier=myvpn>
> <AuthBy ...>
> Identifier myvpn-authby
> </AuthBy>
> AuthLog authlog-for-vpnusers
> </Handler>
>
> <Handler Client-Identifier=netnagios-255,
> Called-Station-Id=csi-for-vpncheck>
> AuthBy myvpn-authby
> AuthLog authlog-for-nagioscheck
> </Handler>
>
> This example allows you to have a Handler set up only for VPN use.
> Nagios checks would use the same AuthBy, but would not, for example,
> litter the actual VPN user authentication log.
>
> Please let us know if this would work. There could be other ways to do
> it, but I thought the above might be a good way to keep things separated
> but still utilising the common configuration parts.
>
> Thanks,
> Heikki
>
--
Clark 159a, MS 46
508/289-3112
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4188 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://lists.open.com.au/pipermail/radiator/attachments/20190102/b626e707/attachment.p7s>
More information about the radiator
mailing list