A.L.M.Buxey@lboro.ac.uk wrote:
hi,
are you still doing pre-proxy attr filtering?
alan
No, I didn't really see the point. Internal attributes aren't meant to
be proxied, and those are the only ones I really wanted filtered out.
It looks like something very strange is going on with proxying accounting
packets as well. Debug output follows:
rad_recv: Accounting-Request packet from host 139.184.8.16 port 1026,
id=225, length=141
Acct-Session-Id = "004E00000019"
Acct-Status-Type = Start
Acct-Authentic = RADIUS
Acct-Delay-Time = 15
NAS-Port = 1
Calling-Station-Id = "00-1B-63-A3-A8-DD"
Event-Type = Framed-User
NAS-IP-Address = 139.184.8.16
NAS-Identifier = "hp-e-its-dev8021x-sw1"
User-Name = "ac221@loopback.sussex.ac.uk"
server default-outer {
+- entering group preacct
++? if ("%{User-Name}" =~ /\\\\?([^@\\\\]+)@?([-[:alnum:]._]*)?$/)
expand: %{User-Name} -> ac221@loopback.sussex.ac.uk
? Evaluating ("%{User-Name}" =~
/\\\\?([^@\\\\]+)@?([-[:alnum:]._]*)?$/) -> TRUE
++? if ("%{User-Name}" =~ /\\\\?([^@\\\\]+)@?([-[:alnum:]._]*)?$/) ->
TRUE
++- entering if ("%{User-Name}" =~
/\\\\?([^@\\\\]+)@?([-[:alnum:]._]*)?$/)
+++? if (!"%{2}"||("%{2}" == 'sussex.ac.uk'))
expand: %{2} -> loopback.sussex.ac.uk
? Evaluating "loopback.sussex.ac.uk" -> FALSE
expand: %{2} -> loopback.sussex.ac.uk
? Evaluating ("%{2}" == 'sussex.ac.uk') -> FALSE
+++? if (!"%{2}"||("%{2}" == 'sussex.ac.uk')) -> FALSE
+++- entering else else
expand: %{1}@%{2} -> ac221@loopback.sussex.ac.uk
++++[request] returns noop
+++- else else returns noop
++- if ("%{User-Name}" =~ /\\\\?([^@\\\\]+)@?([-[:alnum:]._]*)?$/)
returns noop
++ ... skipping else for request 20: Preceding "if" was taken
expand: %{Realm} -> %{2}
++- entering switch %{Realm}
+++- entering case
++++[control] returns noop
++++[request] returns noop
+++- case returns noop
++- switch %{Realm} returns noop
++? if ("%{Called-Station-Id}" =~
/^([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2,})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([-a-z0-9_.]*)?/i)
expand: %{Called-Station-Id} ->
? Evaluating ("%{Called-Station-Id}" =~
/^([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2,})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([-a-z0-9_.]*)?/i)
-> FALSE
++? if ("%{Called-Station-Id}" =~
/^([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2,})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([-a-z0-9_.]*)?/i)
-> FALSE
++? if ("%{Calling-Station-Id}" =~
/([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2,})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i)
expand: %{Calling-Station-Id} -> 00-1B-63-A3-A8-DD
? Evaluating ("%{Calling-Station-Id}" =~
/([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2,})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i)
-> TRUE
++? if ("%{Calling-Station-Id}" =~
/([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2,})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i)
-> TRUE
++- entering if ("%{Calling-Station-Id}" =~
/([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2,})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i)
expand: %{1}%{2}%{3}%{4}%{5}%{6} -> 001B63A3A8DD
+++[request] returns noop
++- if ("%{Calling-Station-Id}" =~
/([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2,})[-:]?([0-9a-f]{2})[-:]?([0-9a-f]{2})/i)
returns noop
++? if ("%{NAS-Port-Id}" =~ /wl[0-9]*/)
expand: %{NAS-Port-Id} ->
? Evaluating ("%{NAS-Port-Id}" =~ /wl[0-9]*/) -> FALSE
++? if ("%{NAS-Port-Id}" =~ /wl[0-9]*/) -> FALSE
++? if (("%{NAS-Port-Type}" == 'Wireless-802.11')||("%{NAS-Port-Type}"
== 'Ethernet'))
expand: %{NAS-Port-Type} ->
?? Evaluating ("%{NAS-Port-Type}" == 'Wireless-802.11') -> FALSE
expand: %{NAS-Port-Type} ->
?? Evaluating ("%{NAS-Port-Type}" == 'Ethernet') -> FALSE
++? if (("%{NAS-Port-Type}" == 'Wireless-802.11')||("%{NAS-Port-Type}"
== 'Ethernet')) -> FALSE
++? if ("%{NAS-IP-Address}" == '127.0.0.1')
expand: %{NAS-IP-Address} -> 139.184.8.16
? Evaluating ("%{NAS-IP-Address}" == '127.0.0.1') -> FALSE
++? if ("%{NAS-IP-Address}" == '127.0.0.1') -> FALSE
expand: %{Client-Shortname} -> hp-e-its-dev8021x-sw1
++[request] returns noop
rlm_acct_unique: WARNING: Attribute Client-IP-Address was not found in
request, unique ID MAY be inconsistent
rlm_acct_unique: Hashing ',NAS-Port = 1,NAS-IP-Address =
139.184.8.16,Acct-Session-Id = "004E00000019",User-Name =
"ac221@loopback.sussex.ac.uk"'
rlm_acct_unique: Acct-Unique-Session-ID = "67d4bffd71faf76b".
++[acct_unique] returns ok
+- entering group accounting
expand: /var/log/radiusd/%Y%m%d/accounting-detail-%H:00 ->
/var/log/radiusd/20080205/accounting-detail-12:00
rlm_detail: /var/log/radiusd/%Y%m%d/accounting-detail-%H:00 expands to
/var/log/radiusd/20080205/accounting-detail-12:00
expand: %{Packet-Src-IP-Address} - %t -> 139.184.8.16 - Tue Feb 5
12:49:09 2008
++[accounting_log] returns ok
expand: %{Stripped-User-Name} -> ac221@loopback.sussex.ac.uk
expand: %{%{Stripped-User-Name}:-%{%{User-Name}:-DEFAULT}} ->
ac221@loopback.sussex.ac.uk
rlm_sql (sql): sql_set_user escaped user -->
'ac221@loopback.sussex.ac.uk'
expand: %{Acct-Delay-Time} -> 15
expand: INSERT INTO radacct
(acctsessionid, acctuniqueid, username,
realm, nasidentifier, nasipaddress,
nasportid, nasporttype, acctstarttime,
acctstoptime, acctsessiontime, acctauthentic,
connectinfo_start, connectinfo_stop, acctinputoctets,
acctoutputoctets, calledstationid, calledstationssid,
callingstationid, acctterminatecause, servicetype,
framedprotocol, framedipaddress, acctstartdelay,
acctstopdelay ) VALUES ('%{Acct-Session-Id}',
'%{Acct-Unique-Session-Id}',
'%{SQL-User-Name}', '%{Realm}', '%{NAS-Identifier}',
'%{NAS-IP-Address}', '%{NAS-Port}', '%{NAS-Port-Type}',
'%S', '0', '0', '%{Acct-Authentic}',
'%{Connect-Info}', '', '0', '0',
'%{Called-Station-Id}','%{Called-Station-SSID}','%{Calling-Station-Id}',
'', '%{Service-Type}', '%{Framed-Protocol}',
'%{Framed-IP-Address}', '%{%{Acct-Delay-Time}:-0}', '0')
-> INSERT INTO radacct (acctsessionid,
acctuniqueid, username, realm,
nasidentifier, nasipaddress, nasportid,
nasporttype, acctstarttime, acctstoptime,
acctsessiontime, acctauthentic, connectinfo_start,
connectinfo_stop, acctinputoctets, acctoutputoctets,
calledstationid, calledstationssid, callingstationid,
acctterminatecause, servicetype, framedprotocol,
framedipaddress, acctstartdelay, acctstopdelay
) VALUES ('004E00000019',
'67d4bffd71faf76b',
'ac221@loopback.sussex.ac.uk', 'jrs',
'hp-e-its-dev8021x-sw1', '139.184.8.16', '1', '',
'2008-02-05 12:49:09', '0', '0', 'RADIUS',
'', '', '0', '0', '','','001B63A3A8DD',
'', 'Framed-User', '', '', '15', '0')
rlm_sql (sql): Reserving sql socket id: 19
rlm_sql (sql): Released sql socket id: 19
++[sql] returns ok
expand: %{User-Name} -> ac221@loopback.sussex.ac.uk
attr_filter: Matched entry DEFAULT at line 12
++[attr_filter.accounting_response] returns updated
} # server default-outer
+- entering group pre-proxy
expand: /var/log/radiusd/%Y%m%d/pre-proxy-detail-%H:00 ->
/var/log/radiusd/20080205/pre-proxy-detail-12:00
rlm_detail: /var/log/radiusd/%Y%m%d/pre-proxy-detail-%H:00 expands to
/var/log/radiusd/20080205/pre-proxy-detail-12:00
expand: %{Packet-Src-IP-Address} - %t -> 139.184.8.16 - Tue Feb 5
12:49:09 2008
++[pre_proxy_log] returns ok
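Where have all the attributes gone?! None of the attributes received from
the NAS at the top of this log appear in the Accounting-Request sent to the
home server below; it carries only Proxy-State and the internal Realm
attribute. The last module to report "updated" before pre-proxy was
attr_filter.accounting_response, so that may be where they were removed.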
Sending Accounting-Request of id 180 to 194.82.174.185 port 1813
Proxy-State = 0x323235
Proxying request 20 to home server 194.82.174.185 port 1813
Sending Accounting-Request of id 180 to 194.82.174.185 port 1813
Realm = "jrs"
Proxy-State = 0x323235
Going to the next request
Waking up in 0.9 seconds.
Waking up in 14.0 seconds.
Rejecting request 17 due to lack of any response from home server
194.82.174.185 port 1813