Hello everyone -

We have recently put together a number of hooks for various customers who have
graciously agreed to make them available to all Radiator users.

The four hooks that are included in these examples implement various ways of
dealing with Request and Reply attributes according to different criteria.

The first two examples are designed to work together, with a StartupHook to
initialise a GlobalVar array, and a PostAuthHook to add selected attributes
according to a "Profile" pseudo-attribute definition.

The StartupHook getProfiles is a hook which reads a file and
stores Profile definitions in an internal memory array. Each Profile is a
single colon (":") delimited line of the form:

Profile:Identifier:Attributes

Profile is the symbolic name of this Profile. Identifier is a key which in this
case is the Identifier that has been set on a per Client basis. And Attributes
is a list of attribute = value pairs separated by commas (",").

The PostAuthHook replaceProfiles replaces the symbolic Profile name that was
returned for the user in an SQL query, with the corresponding attributes for
the Client that the request was received from.

The way these hooks are used is as follows. Each Client clause has an Identifier
set for it which indicates what sort of NAS it is - Ascend, Cisco, etc. Each
user record has a symbolic Profile name which indicates what type of customer
this is - i.e. mail only, local web only, VPN, etc.

The ProfileDefs file read by getProfiles contains the corresponding attributes
required for each combination of NAS type and customer type. The file is read
once at Startup (or restart).

The symbolic Profile name is replaced by the corresponding attribute strings by
the PostAuthHook replaceProfiles after a successful authentication (assuming
that both the Client Identifier and customer Profile have been set correctly).

The hooks are designed for use with Radiator 2.15 and are used as follows:

# configuration using getProfiles and replaceProfiles

.....

DefineGlobalVar ProfileDefs "%D/profile_definitions_file"

StartupHook file:"%D/getProfiles"

....

<Client 1.2.3.4>
        Identifier Ascend
        Secret ....
</Client>

<Client 5.6.7.8>
        Identifier Cisco
        Secret ....
</Client>

....

<Handler ....>
        <AuthBy ....>
                ....
        </AuthBy>
        PostAuthHook file:"%D/replaceProfiles"
</Handler>

....


The third example is a PreClientHook that can be used with Cisco 5800 NAS's and
other Cisco equipment that sends Cisco-NAS-Port attributes instead of NAS-Port
attributes in Radius requests. This is useful to avoid changing existing
Radiator functionality that makes use of the NAS-Port attribute (SQL session
database for example).

This hook is used in the configuration file like this:

# configuration using PreClientHook alterNASPort

....

PreClientHook file:"%D/alterNASPort"

....

<Client 1.2.3.4>
        Identifier Cisco
        Secret ....
</Client>


The fourth example is a PostAuthHook to strip a selected attribute from a Reply.
In this case the user database includes all possible attributes for all
possible NAS equipment and the PostAuthHook removes a selected attribute
depending on the NAS that sent the request. This hook can be easily modified to
remove any number of attributes.

This hook is used in the configuration file like this:

# configuration using PostAuthHook stripSelectedAttribute

....

<Handler ....>
        <AuthBy ....>
                ....
        </AuthBy>
        PostAuthHook file:"%D/stripSelectedAttribute"
</Handler>

....

We trust these example hooks will prove useful to you.

regards

Hugh

-- 
Radiator: the most portable, flexible and configurable RADIUS server 
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, 
Platypus, Freeside, Interbiller, TACACS+, PAM, external, etc, etc.
Available on Unix, Linux, FreeBSD, Windows 95/98/2000, NT, MacOS X.
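
The Profile:Identifier:Attributes format described in the message above, as an added stand-alone Perl example that is not part of the original post or of the distributed hooks: it parses definition lines, keeps colons and quoted commas inside attribute values intact, and returns undef for a Profile/Identifier combination that has no definition, so the caller can decide what to do with the reply. The function names, the "#" comment convention, the double-quote handling and the sample definitions are assumptions constructed for illustration.

```perl
use strict;
use warnings;

# Parse "Profile:Identifier:Attributes" lines into
# $defs->{Profile}{Identifier} = [[name, value], ...].
sub parse_profiles {
    my @lines = @_;
    my (%defs, @errors);
    my $n = 0;
    for my $line (@lines) {
        $n++;
        next if $line =~ /^\s*(?:#.*)?$/;    # blank or comment line (assumed convention)
        # Split into at most 3 fields: attribute values may themselves contain ":".
        my ($profile, $ident, $attrs) = split /:/, $line, 3;
        if (!defined $attrs || $profile eq '' || $ident eq '') {
            push @errors, "line $n: expected Profile:Identifier:Attributes";
            next;
        }
        my (@pairs, $bad);
        # Items are separated by commas that sit outside double quotes.
        for my $item ($attrs =~ /((?:"[^"]*"|[^,"])+)/g) {
            if ($item =~ /^\s*([^=\s]+)\s*=\s*(.*?)\s*$/) {
                my ($name, $value) = ($1, $2);
                $value =~ s/^"(.*)"$/$1/;    # drop surrounding quotes
                push @pairs, [$name, $value];
            } else { $bad = $item; last }
        }
        if (defined $bad || !@pairs) { push @errors, "line $n: bad attribute list" }
        elsif (exists $defs{$profile}{$ident}) { push @errors, "line $n: duplicate $profile:$ident" }
        else { $defs{$profile}{$ident} = \@pairs }
    }
    return (\%defs, \@errors);
}

# Attribute pairs for this user Profile on this Client Identifier, or undef if none is defined.
sub resolve_profile {
    my ($defs, $profile, $ident) = @_;
    return undef unless defined $profile && defined $ident && exists $defs->{$profile};
    return $defs->{$profile}{$ident};
}

# Constructed sample definitions; the last line is deliberately malformed.
my @sample = ('VPN:Cisco:Service-Type = Framed-User, cisco-avpair = "ip:addr-pool=a,b"',
              'VPN:Ascend:Service-Type = Framed-User, Framed-Protocol = PPP',
              'MailOnly:Cisco');
my ($defs, $errors) = parse_profiles(@sample);
for my $case (['VPN', 'Cisco'], ['VPN', 'Ascend'], ['VPN', 'Livingston']) {
    my $pairs = resolve_profile($defs, @$case);
    print "$case->[0] on $case->[1]: ",
        ($pairs ? join('; ', map { "$_->[0]=$_->[1]" } @$pairs) : 'no definition'), "\n";
}
print "rejected: $_\n" for @$errors;
```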






