Make radius dictionary location in the backend configurable through mavis config
72 views
Skip to first unread message
Shin Sterneck
Jul 13, 2016, 9:26:39 AM7/13/16
to Event-Driven Servers
Hi Marc,
there are cases where the default dictionary location of the radius server may not contain the needed dictonaries for the backend.
May I suggest that this becomes configurable in the tac_plus mavis configuration as environment variable?
Something like this:
Authen::Radius->load_dictionary() --> Authen::Radius->load_dictionary($RADIUS_DICT_LOCATION)
the default location seems to be "/etc/raddb/dictionary" according to the documentation
Best Regards,
Shin
Marc Huber
Jul 13, 2016, 1:38:28 PM7/13/16
to event-driv...@googlegroups.com
Hi Shin,
well ... that might be useful, but I'm not familiar with these
corner cases, and I'd pretty much expect Authen::Radius to know
where it can find its dictionary, so this looks like some workaround
for a broken Perl installation.
Nevertheless, it's easy enough to implement. The next snapshot (due in a couple of minutes) comes with the patch below applied.
Thanks,
Marc
diff -u -r1.20 mavis_tacplus_radius.pl
--- mavis_tacplus_radius.pl 2015/10/03 17:23:15 1.20
+++ mavis_tacplus_radius.pl 2016/07/13 17:28:01
@@ -19,6 +19,7 @@
my $RADIUS_HOST = 'localhost';
my $RADIUS_SECRET = 'secret';
my $RADIUS_GROUP_ATTR = undef;
+my $RADIUS_DICTIONARY = undef;
my ($ACCESS_REQUEST, $ACCESS_ACCEPT);
@@ -35,6 +36,7 @@
$RADIUS_HOST = $ENV{'RADIUS_HOST'} if exists $ENV{'RADIUS_HOST'};
$RADIUS_SECRET = $ENV{'RADIUS_SECRET'} if exists $ENV{'RADIUS_SECRET'};
+$RADIUS_DICTIONARY = $ENV{'RADIUS_DICTIONARY'} if exists $ENV{'RADIUS_DICTIONARY'};
if ($ACCESS_REQUEST) {
$RADIUS_GROUP_ATTR = $ENV{'RADIUS_GROUP_ATTR'} if exists $ENV{'RADIUS_GROUP_ATTR'};
@@ -50,7 +52,7 @@
die unless defined $radius;
if ($ACCESS_REQUEST) {
- Authen::Radius->load_dictionary();
+ Authen::Radius->load_dictionary($RADIUS_DICTIONARY);
}
use lib '/usr/local/lib/mavis';
Nevertheless, it's easy enough to implement. The next snapshot (due in a couple of minutes) comes with the patch below applied.
Thanks,
Marc
diff -u -r1.20 mavis_tacplus_radius.pl
--- mavis_tacplus_radius.pl 2015/10/03 17:23:15 1.20
+++ mavis_tacplus_radius.pl 2016/07/13 17:28:01
@@ -19,6 +19,7 @@
my $RADIUS_HOST = 'localhost';
my $RADIUS_SECRET = 'secret';
my $RADIUS_GROUP_ATTR = undef;
+my $RADIUS_DICTIONARY = undef;
my ($ACCESS_REQUEST, $ACCESS_ACCEPT);
@@ -35,6 +36,7 @@
$RADIUS_HOST = $ENV{'RADIUS_HOST'} if exists $ENV{'RADIUS_HOST'};
$RADIUS_SECRET = $ENV{'RADIUS_SECRET'} if exists $ENV{'RADIUS_SECRET'};
+$RADIUS_DICTIONARY = $ENV{'RADIUS_DICTIONARY'} if exists $ENV{'RADIUS_DICTIONARY'};
if ($ACCESS_REQUEST) {
$RADIUS_GROUP_ATTR = $ENV{'RADIUS_GROUP_ATTR'} if exists $ENV{'RADIUS_GROUP_ATTR'};
@@ -50,7 +52,7 @@
die unless defined $radius;
if ($ACCESS_REQUEST) {
- Authen::Radius->load_dictionary();
+ Authen::Radius->load_dictionary($RADIUS_DICTIONARY);
}
use lib '/usr/local/lib/mavis';
Shin Sterneck
Jul 13, 2016, 7:12:22 PM7/13/16
to Event-Driven Servers
Hi Marc,
you raise a good point here, which I'll relay to the Authen::Radius author as well!
Thanks for implementing this so quickly! Amazing!
Best Regards,
Shin
Reply all
Reply to author
Forward
0 new messages