Last active
August 29, 2015 13:56
Cisco CDA (formerly Cisco AD Agent) RADIUS Accounting
import logging
import random
import socket
import sys

import pyrad.packet
from pyrad.client import Client
from pyrad.dictionary import Dictionary
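# Module logger: every record from DEBUG up reaches the console handler,
# while only WARNING and above is also written to the log file.
logger = logging.getLogger(__name__)
logger.setLevel(logging.DEBUG)

# Logger console handler (StreamHandler writes to the console).
ch = logging.StreamHandler()
ch.setLevel(logging.DEBUG)
ch_format = logging.Formatter('%(asctime)s - %(message)s')
ch.setFormatter(ch_format)
logger.addHandler(ch)

# Logger file handler.
# Raw string: "\{" is not a valid escape sequence, so the non-raw literal
# only worked by accident and triggers a warning on newer interpreters.
# The resulting path is unchanged.
# NOTE(review): the path is relative to the current working directory, and
# the WARNING records written by this module contain user names and IP
# addresses - confirm the directory is writable only by the service account.
fh = logging.FileHandler(r".\{0}.log".format(__name__))
fh.setLevel(logging.WARNING)
fh_format = logging.Formatter('%(asctime)s - %(name)s - %(levelname)-8s - %(message)s')
fh.setFormatter(fh_format)
logger.addHandler(fh)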
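def SendPacket(srv, req):
    """Send one RADIUS accounting packet and end the process if that fails.

    Args:
        srv: client object whose SendPacket() transmits the request.
        req: the accounting packet to transmit.

    Raises:
        SystemExit: with status 1 when the server does not reply or a
            socket error occurs. Callers that loop over several servers
            will therefore stop at the first one that fails here.
    """
    try:
        srv.SendPacket(req)
    except pyrad.client.Timeout:
        logger.warning("RADIUS server does not reply")
        sys.exit(1)
    except socket.error as error:
        # "as" is valid on Python 2.6+ and 3; the old comma form is a syntax
        # error on Python 3. The exception is formatted as a whole because
        # indexing it (error[1]) fails on Python 3 and on single-argument
        # socket errors.
        logger.warning("Network error: %s", error)
        sys.exit(1)
    else:
        logger.info("Successfully sent accounting packet")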
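def SendRequest(srvs, secret, dictpath, user, domain, ip, origin):
    """Create a RADIUS accounting request and send it to each AD Agent.

    The request carries Cisco-AVPair attributes asking the agent to update
    the mapping of `ip` to `user`/`domain`.

    Args:
        srvs: iterable of AD Agent server names or addresses.
        secret: RADIUS shared secret handed to the pyrad Client. It is not
            written to any log line here; keep it out of log messages.
        dictpath: path of the RADIUS dictionary file loaded by pyrad.
        user: user name to map; must be non-empty.
        domain: domain of the user.
        ip: IP address to map the user to; must be non-empty.
        origin: value used for NAS-IP-Address and mapping-origin. When
            empty, the address this host's name resolves to is used.

    Raises:
        SystemExit: with status 1 when `srvs`, `user` or `ip` is empty, and
            from SendPacket() when a send fails.

    NOTE(review): user, domain and ip are only checked for emptiness (domain
    not at all) before being placed in the request. Whatever consumes these
    mappings will presumably act on them, so callers should pass values
    taken from an authenticated source and validate the IP format first.
    """
    if not srvs:
        logger.warning("No AD Agent servers")
        sys.exit(1)

    if not user:
        logger.warning("No User received for mapping")
        sys.exit(1)

    if not ip:
        logger.warning("No IP received for mapping")
        sys.exit(1)

    if not origin:
        logger.info("No origin received. Defaulting to host address")
        # NOTE(review): on hosts whose name resolves to a loopback address
        # this yields that loopback address as the origin - confirm.
        origin = socket.gethostbyname(socket.gethostname())

    for ads in srvs:
        try:
            logger.info("Trying %s %s with %s against %s with origin %s",
                        user, domain, ip, ads, origin)
            srv = Client(server=ads, secret=secret, dict=Dictionary(dictpath))
            req = srv.CreateAcctPacket(
                NAS_IP_Address=origin,
                Cisco_AVPair=[
                    "entity-attr:op=update",
                    "entity-attr:entity-id:ip=%s" % ip,
                    "entity-attr:value:user-name=%s" % user,
                    "entity-attr:value:domain=%s" % domain,
                    "entity-attr:value:mapping-type=ctp",
                    "entity-attr:value:mapping-origin=%s" % origin,
                    "entity-attr:value:responds-to-probe=false"
                ])
            # SendPacket() ends the process on a timeout or socket error, so
            # agents after a failing one are not contacted.
            SendPacket(srv, req)
        except socket.error as error:
            # "as" replaces the Python 2-only comma form. The exception is
            # formatted as a whole because error[1] fails on Python 3 and on
            # single-argument socket errors.
            logger.warning("Could not send packet (%s - %s) to AD Agent: %s from origin: %s",
                           user, ip, ads, origin)
            logger.warning("Error: %s", error)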
Sample Usage:
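import radacct

# AD Agent (CDA) hosts that should receive the mapping update.
servers = ["cdasvr1", "cdasvr2", "cdasvr3"]

# Placeholder shared secret. In real use, read it from a protected
# configuration source instead of keeping it in the script.
secret = "RadiusSecret"

# Raw string so the backslashes of the Windows path are taken literally
# ("\p", "\e" and "\d" are not valid escape sequences).
dictpath = r"C:\pyrad-master\example\dictionary"

# origin=None lets SendRequest fall back to this host's resolved address.
radacct.SendRequest(srvs=servers, secret=secret, dictpath=dictpath,
                    user="newUserMapping", domain="newUserDomain",
                    ip="172.9.9.9", origin=None)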