[RADIATOR] (Radiator) Filtering log Message

2012-02-22 Thread G.N.
Hi All,

i would like to know if is possible to filter Authlog entry, logging all except 
access from certain username.

Here my AuthLog conf


Identifier tL
Filename %L/Auth
LogSuccess 1
LogFailure 0
SuccessFormat %d-%m-%Y %H:%M:%S,%U,%{NAS-Identifier},%N


Thank's.

G.
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator


Re: [RADIATOR] (Radiator) Filtering log Message

2012-02-22 Thread Heikki Vatiainen
On 02/22/2012 01:25 PM, G.N. wrote:

> i would like to know if is possible to filter Authlog entry, logging all 
> except access from certain username.

Unfortunately that is not possible.

> Here my AuthLog conf
> 
> 
> Identifier tL
> Filename %L/Auth
> LogSuccess 1
> LogFailure 0
> SuccessFormat %d-%m-%Y %H:%M:%S,%U,%{NAS-Identifier},%N
> 

There are a couple of possibilities:
1. Use a script, based on grep or something similar, to filter
everything else except of the usernames you are interested in.

2. You could experiment with a named pipe
http://en.wikipedia.org/wiki/Named_pipe

Create a named pipe with mkfifo command and create a process that reads
the named fifo. For example:

% while :; do cat Auth|grep -v hvn ; done

This will print out only LogSuccess lines that do not contain 'hvn'. The
while loop is needed because radiusd closes the file after each write.

Note that possibility 1 is the best especially if you are not familiar
with handling named pipes. For example, you should watch file
permissions and keep the reader process running all the time or radiusd
will block waiting for the reader.

Thanks!
Heikki


> Thank's.
> 
> G.
> ___
> radiator mailing list
> radiator@open.com.au
> http://www.open.com.au/mailman/listinfo/radiator


-- 
Heikki Vatiainen 

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator


Re: [RADIATOR] Authenticating Devices...

2012-02-22 Thread Heikki Vatiainen
On 02/22/2012 01:56 AM, Shay Smith wrote:

> I've got a working config that authenticates users connecting via Wifi.
> Their credentials are compared against our LDAP database. I'm having
> trouble figuring out how to get a non-login device to have access over
> the same AP. I would like to know how to get a network device on the
> network without requiring a login. I'd really like to compare it's MAC
> address or IP address against a list in MySQL.

You could consider using AuthenticateAttribute and/or NoCheckPassword
(see ref.pdf for more) to change how username lookup is done and if
password checking is needed. Be sure to check Trace 4 log to see how the
SQL queries and Radiator behaviour changes with the above options.

This might be the way to go if you can not configure your wlan gear to
send mac address as username as Mike suggested.

Thanks!
Heikki


-- 
Heikki Vatiainen 

Radiator: the most portable, flexible and configurable RADIUS server
anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald,
Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS,
TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP,
DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS,
NetWare etc.
___
radiator mailing list
radiator@open.com.au
http://www.open.com.au/mailman/listinfo/radiator