[RADIATOR] Possibility to rewrite username into unique string (eg. out of request attributes like 'Calling-Station-Id')
Hugh Irvine
hugh at open.com.au
Tue Jan 15 04:30:34 UTC 2019
Hello Christian -
I would probably do something like this (example only):
…….
# process accounting requests
<Handler Request-Type = Accounting-Request>
PreProcessingHook sub \
{ \
my $p = ${$_[0]}; \
my $username = $p -> get_attr('User-Name'); \
return unless $username =~ /^guest$/; \
my $callingid = $p -> get_attr('Calling-Station-Id'); \
$username = "$callingid\@public-hotspot"; \
$p -> change_attr('User-Name', $username); \
return; \
}
<AuthBy INTERNAL>
DefaultResult ACCEPT
</AuthBy>
AcctLogFileName %L/accounting
</Handler>
…….
Please let me know how you get on.
regards
Hugh
> On 14 Jan 2019, at 20:12, Christian Meutes <christian at errxtx.net> wrote:
>
> Hello Hugh,
>
> On Mon, Jan 14, 2019 at 5:07 AM Hugh Irvine <hugh at open.com.au> wrote:
> Yes there are several ways of doing this - can you please send me an example trace 4 debug showing what you get in the access requests?
>
> And also tell me what you would like to use as the username?
>
> currently I'm focusing on accounting-requests only and ideally it would use the Calling-Station-Id as the local-part of the username while the realm would be set to a fixed string so that the username "guest" would be rewritten to something like "00:00:5E:00:53:12 at public-hotspot".
>
> Mon Jan 14 03:07:18 2019
> User-Name = "guest"
> NAS-Port = 13
> NAS-IP-Address = 192.0.2.1
> Framed-IP-Address = 192.0.2.2
> Framed-IPv6-Prefix = 2001:DB8::/64
> Framed-IPv6-Prefix = 2001:DB8::/64
> Framed-IPv6-Prefix = fe80::/64
> NAS-Identifier = "some-ac"
> Airespace-WLAN-Id = 10
> Acct-Session-Id = "5c3b8019/00:00:5E:00:53:12/358203"
> NAS-Port-Type = Wireless-IEEE-802-11
> cisco-avpair = "audit-session-id=0a381bfb0006aca35c3b7fba"
> Acct-Authentic = Local
> Tunnel-Type = 0:VLAN
> Tunnel-Medium-Type = 0:802
> Tunnel-Private-Group-ID = 1620
> Event-Timestamp = 1547431627
> Acct-Status-Type = Alive
> Acct-Input-Octets = 50287684
> Acct-Input-Gigawords = 0
> Acct-Output-Octets = 1546124170
> Acct-Output-Gigawords = 0
> Acct-Input-Packets = 374646
> Acct-Output-Packets = 1200190
> Acct-Session-Time = 28338
> Acct-Delay-Time = 0
> Calling-Station-Id = "00:00:5E:00:53:12"
> Called-Station-Id = "00:00:5E:00:53:11:hotspot"
> Timestamp = 1547431638
>
>
> Thanks!
>
>
> Kind regards
> --
> Christian
--
Hugh Irvine
hugh at open.com.au
Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER, SIM, etc.
Full source on Unix, Linux, Windows, macOS, Solaris, VMS, NetWare etc.
More information about the radiator
mailing list