Hello Heikki, Hello Dave - Correct.
Historically we had a PreClientHook and a PreHandlerHook in the Client clause(s), however when vendors began encrypting attributes, we needed to provide a hook that fired after the attributes were decoded. Hence we came up with the ClientHook that can be specified globally (for all clients) and/or per-client. regards Hugh On 21 Aug 2010, at 06:58, Heikki Vatiainen wrote: > On 08/20/2010 11:03 PM, Dave Kitabjian wrote: >> Does anyone know where the "ClientHook" fits in this order-of-execution >> sequence? > > Seems to be between steps 6 and 7. The global ClientHook runs first and > right after that the client specific ClientHook is called. > > I also noticed that at least with version 4.7, the secret is checked > after the hooks run, so the hooks can catch even those requests where > the authenticator check fails. So even if the request fails with "Bad > authenticator in request from ..." log message, the request would still > have been available for processing with ClientHook(s). > >> *http://open.com.au/radiator/ref.pdf* >> >> * * >> >> *1. *Server started >> >> *2. **StartupHook *called >> >> *3. *Request received from NAS >> >> *4. *Global RewriteUsernames applied >> >> *5. **PreClientHook *called >> >> *6. *Client clause selected >> >> *7. *Client RewriteUsernames applied >> >> *8. *Duplicate detection done >> >> *9. **PreHandlerHook *called >> >> *10. *Handler selected >> >> *11.**PreProcessingHook *called >> >> *12. *Handler’s RewriteUsername and RewriteFunction applied >> >> *13. *Session database updated (accounting requests only) >> >> *14. *Accounting log files (AcctLogFileName and WtmpFileName) written >> >> *15.**PreAuthHook *called >> >> *16. *AuthBy clauses invoked >> >> *17.**PostAuthHook *called >> >> *18. *Statistics updated >> >> *19.PostProcessingHook *called (if there is a reply to be sent) >> >> *Integration* >> >> >> >> >> >> _______________________________________________ >> radiator mailing list >> radiator@open.com.au >> http://www.open.com.au/mailman/listinfo/radiator > > > -- > Heikki Vatiainen, Arch Red Oy > +358 44 087 6547 > _______________________________________________ > radiator mailing list > radiator@open.com.au > http://www.open.com.au/mailman/listinfo/radiator NB: Have you read the reference manual ("doc/ref.html")? Have you searched the mailing list archive (www.open.com.au/archives/radiator)? Have you had a quick look on Google (www.google.com)? Have you included a copy of your configuration file (no secrets), together with a trace 4 debug showing what is happening? -- Radiator: the most portable, flexible and configurable RADIUS server anywhere. Available on *NIX, *BSD, Windows, MacOS X. Includes support for reliable RADIUS transport (RadSec), and DIAMETER translation agent. - Nets: internetwork inventory and management - graphical, extensible, flexible with hardware, software, platform and database independence. - CATool: Private Certificate Authority for Unix and Unix-like systems. _______________________________________________ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
