[RADIATOR] Dynamic client identifier
Eric W. Bates
ericx at whoi.edu
Fri Jan 4 19:07:36 UTC 2019
Your suggestion is working great. Had a long debug only to realize that
I misspelled "Identifer" [sigh], but now we can build discrete alarms
for each type of authentication.
On 1/2/2019 12:01 PM, Eric W. Bates wrote:
> that looks excellent, thank you.
>
> I will try it this afternoon.
>
> On 1/2/2019 11:02 AM, Heikki Vatiainen wrote:
>> On 27/12/2018 21.49, Eric W. Bates wrote:
>>
>>> # nagios tests
>>> <Client netnagios-255>
>>> Identifier Phred
>>> Secret nagiosfoobar
>>> ClientHook sub { \
>>> ${$_[0]}->set_identifier('Nagios-'. \
>>> ${$_[0]}->get_attr('Called-Station-Id')); \
>>> }
>>> </Client>
>>
>> This does not work because it changes Radius message's identity field.
>> Client-Identifier in Hanlder refers to Identifier of Client clause
>> that matched the incoming Radius message.
>>
>> You could consider something like this:
>>
>> <Handler Client-Identifier=myvpn>
>> <AuthBy ...>
>> Identifier myvpn-authby
>> </AuthBy>
>> AuthLog authlog-for-vpnusers
>> </Handler>
>>
>> <Handler Client-Identifier=netnagios-255,
>> Called-Station-Id=csi-for-vpncheck>
>> AuthBy myvpn-authby
>> AuthLog authlog-for-nagioscheck
>> </Handler>
>>
>> This example allows you to have a Handler set up only for VPN use.
>> Nagios checks would use the same AuthBy, but would not, for example,
>> litter the actual VPN user authentication log.
>>
>> Please let us know if this would work. There could be other ways to do
>> it, but I thought the above might be a good way to keep things
>> separated but still utilising the common configuration parts.
>>
>> Thanks,
>> Heikki
>>
>
--
Clark 159a, MS 46
508/289-3112
-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4188 bytes
Desc: S/MIME Cryptographic Signature
URL: <https://lists.open.com.au/pipermail/radiator/attachments/20190104/0cc932ad/attachment.p7s>
More information about the radiator
mailing list