Hi Hugh,<div><br></div><div>Forgot to add that if we modify ServerTACACSPLUS.pm to include:</div><div><br></div><div> $self->{Identifier} = $client->{Identifier}</div><div><span class="Apple-tab-span" style="white-space:pre"> </span>if $client && !defined $self->{Identifier};</div>
<div><br></div><div>Then we can use the $p->{Client}->{Identifier}.</div><div><br></div><div>Is there any reason why the Identifier couldn't be added to ServerTACACSPLUS.pm?</div><div><br></div><div>Here is the diff:</div>
<div><br></div><div><div>*** ServerTACACSPLUS.pm 2009-04-10 06:56:32.000000000 +0100</div><div>--- ServerTACACSPLUS.pm 2009-04-23 08:07:34.2908</div><div>50000 +0100</div><div>***************</div><div>*** 289,294 ****</div>
<div>--- 289,297 ----</div><div> $client = &Radius::Client::findAddress(Radius::Util::inet_pton($self->{pee</div><div>raddr}))</div><div> unless $client;</div><div><br></div><div>+ $self->{Identifier} = $client->{Identifier}</div>
<div>+ if $client && !defined $self->{Identifier};</div><div>+</div><div> $self->{Key} = $client->{TACACSPLUSKey}</div><div> if $client && !defined $self->{Key};</div><div> $self->{Key} = $parent->{Key}</div>
</div><div><br></div><div>Cheers</div><div>Steve<br><br><div class="gmail_quote">On Thu, Apr 23, 2009 at 7:39 AM, Steve Rogers <span dir="ltr"><<a href="mailto:sterogers@gmail.com">sterogers@gmail.com</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex;">Hi Hugh,<div><br></div><div>We have this in the PostAuthHook code - shown below. Also I've attached a debug output extract showing the Client Identifier being null. And the Client definition. If we do a data dumper of $p->{Client} we don't see the Identifier.</div>
<div><br></div><div>Any further suggestions we could look at?</div><div><br></div><div><div><Client 192.168.X.X></div><div> Identifier noncisco</div><div> TACACSPLUSKey XXXXXX</div><div></Client></div>
<div><br></div></div><div><div>sub</div><div>{</div><div><span style="white-space:pre"> </span>my $p = ${$_[0]};</div><div><span style="white-space:pre"> </span>my $rp = ${$_[1]};</div>
<div><span style="white-space:pre"> </span>my $result = ${$_[2]};</div><div><br></div><div><span style="white-space:pre"> </span>my $authGrp;</div><div><span style="white-space:pre"> </span>my $tacAttr = 'tacplusgrp';</div>
<div><span style="white-space:pre"> </span></div><div><span style="white-space:pre"> </span>if (($result == $main::ACCEPT) && ($authGrp = $rp->get_attr($tacAttr))) </div>
<div><span style="white-space:pre"> </span>{</div><div><span style="white-space:pre"> </span>my $clientId = $p->{Client}->{Identifier};</div><div><span style="white-space:pre"> </span>&main::log($main::LOG_DEBUG, "Client Identifier = $clientId");<span style="white-space:pre"> </span></div>
<div><span style="white-space:pre"> </span>$authGrp .= '-'.$clientId;</div><div><span style="white-space:pre"> </span>$rp->change_attr($tacAttr, "$authGrp");</div>
<div><span style="white-space:pre"> </span>&main::log($main::LOG_DEBUG, "TACACS group = $authGrp");</div><div><span style="white-space:pre"> </span>}</div><div>
}</div><div><br></div><div><br></div><div><div>Thu Apr 23 07:26:19 2009: DEBUG: Handling request with Handler ''</div><div>Thu Apr 23 07:26:19 2009: DEBUG: Deleting session for sr, 192.168.0.99,</div><div>Thu Apr 23 07:26:19 2009: DEBUG: Handling with Radius::AuthFILE:</div>
<div>Thu Apr 23 07:26:19 2009: DEBUG: Reading users file /Radiator/users</div><div>Thu Apr 23 07:26:19 2009: DEBUG: Radius::AuthFILE looks for match with sr [sr]</div><div>Thu Apr 23 07:26:19 2009: DEBUG: Expiration date converted to: 1264723200</div>
<div>Thu Apr 23 07:26:19 2009: DEBUG: Radius::AuthFILE ACCEPT: : sr [sr]</div><div>Thu Apr 23 07:26:19 2009: DEBUG: AuthBy FILE result: ACCEPT,</div><div>Thu Apr 23 07:26:19 2009: DEBUG: Client Identifier =</div><div>Thu Apr 23 07:26:19 2009: DEBUG: TACACS group = TACACSAdmins-</div>
<div>Thu Apr 23 07:26:19 2009: DEBUG: Access accepted for sr</div><div>Thu Apr 23 07:26:19 2009: DEBUG: Packet dump:</div><div>*** Reply to TACACSPLUS request:</div><div>Code: Access-Accept</div><div>Identifier: UNDEF</div>
<div>Authentic: _<240><12><227><155><2><196>2<145><171><144>><194><20>y<227></div><div>Attributes:</div><div> tacplusgrp = TACACSAdmins-</div>
<div><br></div><div>Thu Apr 23 07:26:19 2009: DEBUG: TacacsplusConnection result Access-Accept</div><div>Thu Apr 23 07:26:19 2009: DEBUG: TacacsplusConnection Authentication REPLY 1, 0,</div><div> ,</div><div>Thu Apr 23 07:26:19 2009: DEBUG: TacacsplusConnection request 192, 2, 1, 0, 2, 6</div>
<div>3</div></div><div><br></div><div>Cheers</div><div>Steve</div><div><div></div><div class="h5"><div><br></div><br><div class="gmail_quote">On Thu, Apr 23, 2009 at 1:51 AM, Hugh Irvine <span dir="ltr"><<a href="mailto:hugh@open.com.au" target="_blank">hugh@open.com.au</a>></span> wrote:<br>
<blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><br>
Hi Steve -<br>
<br>
Try this:<br>
<br>
.....<br>
<br>
my $identifer = $p->{Client}->{Identifier};<br>
<br>
.....<br>
<br>
regards<br>
<br>
Hugh<div><div></div><div><br>
<br>
<br>
On 22 Apr 2009, at 22:14, Steve Rogers wrote:<br>
<br>
</div></div><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><div><div></div><div>
Hi,<br>
<br>
We are using Radiator 4.4 with patches and attempting to get the Client-Identifier and use this in a hook as part of a Handler, but it doesn't seem to be available. Doing a bit of debug, we see the following line from ServerTACACSPLUS.pm and we can retrieve the Client-Identifier at this point but appears that when the module creates the fake radius request and we look at the object passed to the PostAuthHook (${$_[0]} we cant seem to get this.<br>
<br>
$tp->{Client} = $self; # So you can use Client-Identifier check items<br>
<br>
Is this possible? Or is there a simple mechanism to use the originating Client-Identifier from the Client that the TACACS request came from?<br>
<br>
Appreciate any help or advise.<br>
<br>
Cheers<br>
Steve<br></div></div>
_______________________________________________<br>
radiator mailing list<br>
<a href="mailto:radiator@open.com.au" target="_blank">radiator@open.com.au</a><br>
<a href="http://www.open.com.au/mailman/listinfo/radiator" target="_blank">http://www.open.com.au/mailman/listinfo/radiator</a><br>
</blockquote>
<br>
<br>
<br>
NB:<br>
<br>
Have you read the reference manual ("doc/ref.html")?<br>
Have you searched the mailing list archive (<a href="http://www.open.com.au/archives/radiator" target="_blank">www.open.com.au/archives/radiator</a>)?<br>
Have you had a quick look on Google (<a href="http://www.google.com" target="_blank">www.google.com</a>)?<br>
Have you included a copy of your configuration file (no secrets),<br>
together with a trace 4 debug showing what is happening?<br>
Have you checked the RadiusExpert wiki:<br>
<a href="http://www.open.com.au/wiki/index.php/Main_Page" target="_blank">http://www.open.com.au/wiki/index.php/Main_Page</a><br>
<br>
-- <br>
Radiator: the most portable, flexible and configurable RADIUS server<br>
anywhere. Available on *NIX, *BSD, Windows, MacOS X.<br>
Includes support for reliable RADIUS transport (RadSec),<br>
and DIAMETER translation agent.<br>
-<br>
Nets: internetwork inventory and management - graphical, extensible,<br>
flexible with hardware, software, platform and database independence.<br>
-<br>
CATool: Private Certificate Authority for Unix and Unix-like systems.<br>
<br>
<br>
</blockquote></div><br></div></div></div>
</blockquote></div><br></div>