Alan Dekok wrote:
Arran Cudbard-Bell wrote: ...if(("%{2}" == "") || ("%{2}" == "sussex.ac.uk")){You don't need to check if strings are empty like that. You can do: if (!"%{2}" || ... which may be easier to read.Oh and empty case statements screw things up in strange and weird ways...I think much of that is just an issue with it not printing the right thing in debug mode.case local with content ++- entering switch %{Realm} +++- entering case local expand: %{Packet-Src-IP-Address} -> 139.184.6.42 expand: %{Packet-Src-IP-Address} -> 139.184.6.42... Not sure why that's happening...But thats pretty minor compared with the bus issue... still trying to track down whats causing it ... = works fine := breaks ...I just don't see that. Can you narrow it down to a particular packet, and a 5-6 line config?
rad_recv: Access-Request packet from host 139.184.6.42 port 1141, id=42, length=151
User-Name = "ac221"
NAS-IP-Address = 127.0.0.1
NAS-Port = 1
Called-Station-Id = "00-14-C2-B6-7D-32:eduroam"
Calling-Station-Id = "00-19-E3-0C-CD-58"
Framed-MTU = 1400
NAS-Port-Type = Wireless-802.11
Connect-Info = "CONNECT 54Mbps 802.11g"
EAP-Message = 0x0200000a016163323231
Message-Authenticator = 0xae11e154e1819b9fde40d27a0147ad04
Processing the authorize section of radiusd.conf
+- entering group authorize
++? if ("%{NAS-IP-Address}" == "127.0.0.1")
expand: %{NAS-IP-Address} -> 127.0.0.1
? Evaluating ("%{NAS-IP-Address}" == "127.0.0.1") -> TRUE
++? if ("%{NAS-IP-Address}" == "127.0.0.1") -> TRUE
++- entering if ("%{NAS-IP-Address}" == "127.0.0.1")
expand: %{Packet-Src-IP-Address} -> 139.184.6.42
Bus error
*narrowed*
authorize {
# Some devices send their loopback address as Nas IP Address, overwrite
this with packet source.
if("%{NAS-IP-Address}" == "127.0.0.1"){
update request {
NAS-IP-Address := "%{Packet-Src-IP-Address}"
}
}
}
HP530s Don't send a service-type in the request, they also send their loopback address as NAS-IP-Address ?! And they do a weird thing with appending the SSID to the called-station-id ...That last bit is actually supposed to happen.
Ah, ok.
HP 2626 switches, with firmware revision H.10.35 get the first 10 chars of their own mac address right, then screw up the last two ...Wow...
Yes, last two octets bare no resemblance what-so-ever to the base mac *impressed*
-- Arran Cudbard-Bell (A.Cudbard-Bell@sussex.ac.uk) Authentication, Authorisation and Accounting Officer Infrastructure Services | ENG1 E1-1-08 University Of Sussex, Brighton EXT:01273 873900 | INT: 3900