[RADIATOR] (Radiator) Filtering log Message
Hi All, i would like to know if is possible to filter Authlog entry, logging all except access from certain username. Here my AuthLog conf Identifier tL Filename %L/Auth LogSuccess 1 LogFailure 0 SuccessFormat %d-%m-%Y %H:%M:%S,%U,%{NAS-Identifier},%N Thank's. G. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] (Radiator) Filtering log Message
On 02/22/2012 01:25 PM, G.N. wrote: > i would like to know if is possible to filter Authlog entry, logging all > except access from certain username. Unfortunately that is not possible. > Here my AuthLog conf > > > Identifier tL > Filename %L/Auth > LogSuccess 1 > LogFailure 0 > SuccessFormat %d-%m-%Y %H:%M:%S,%U,%{NAS-Identifier},%N > There are a couple of possibilities: 1. Use a script, based on grep or something similar, to filter everything else except of the usernames you are interested in. 2. You could experiment with a named pipe http://en.wikipedia.org/wiki/Named_pipe Create a named pipe with mkfifo command and create a process that reads the named fifo. For example: % while :; do cat Auth|grep -v hvn ; done This will print out only LogSuccess lines that do not contain 'hvn'. The while loop is needed because radiusd closes the file after each write. Note that possibility 1 is the best especially if you are not familiar with handling named pipes. For example, you should watch file permissions and keep the reader process running all the time or radiusd will block waiting for the reader. Thanks! Heikki > Thank's. > > G. > ___ > radiator mailing list > radiator@open.com.au > http://www.open.com.au/mailman/listinfo/radiator -- Heikki Vatiainen Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator
Re: [RADIATOR] Authenticating Devices...
On 02/22/2012 01:56 AM, Shay Smith wrote: > I've got a working config that authenticates users connecting via Wifi. > Their credentials are compared against our LDAP database. I'm having > trouble figuring out how to get a non-login device to have access over > the same AP. I would like to know how to get a network device on the > network without requiring a login. I'd really like to compare it's MAC > address or IP address against a list in MySQL. You could consider using AuthenticateAttribute and/or NoCheckPassword (see ref.pdf for more) to change how username lookup is done and if password checking is needed. Be sure to check Trace 4 log to see how the SQL queries and Radiator behaviour changes with the above options. This might be the way to go if you can not configure your wlan gear to send mac address as username as Mike suggested. Thanks! Heikki -- Heikki Vatiainen Radiator: the most portable, flexible and configurable RADIUS server anywhere. SQL, proxy, DBM, files, LDAP, NIS+, password, NT, Emerald, Platypus, Freeside, TACACS+, PAM, external, Active Directory, EAP, TLS, TTLS, PEAP, TNC, WiMAX, RSA, Vasco, Yubikey, MOTP, HOTP, TOTP, DIAMETER etc. Full source on Unix, Windows, MacOSX, Solaris, VMS, NetWare etc. ___ radiator mailing list radiator@open.com.au http://www.open.com.au/mailman/listinfo/radiator