Rewriting wimax calling-station-id with perl

James T Mugauri james at africonnect.co.zm
Wed Oct 5 20:15:44 CEST 2011


Hi,

As you are undoubtedly aware, the ubuntu/debian package of freeradius 
comes without the wimax module (despite having the wimax module) 
installed. My own attempts to compile/install/build deb package for 
ubuntu always die with the infamous "undefined reference to 
`lt_preloaded_symbols'" that apparently has even Alan opting to forsake 
libtool.

Because many people would still like to implement mac authentication on 
a wimax network, I was wondering whether the c subroutine that does this 
in the module:

     /*
      *    Fix Calling-Station-Id.  Damn you, WiMAX!
      */
     vp =  pairfind(request->packet->vps, PW_CALLING_STATION_ID);
     if (vp && (vp->length == 6)) {
         int i;
         uint8_t buffer[6];

         memcpy(buffer, vp->vp_octets, 6);

         /*
          *    RFC 3580 Section 3.20 says this is the preferred
          *    format.  Everyone *SANE* is using this format,
          *    so we fix it here.
          */
         for (i = 0; i < 6; i++) {
             fr_bin2hex(&buffer[i], &vp->vp_strvalue[i * 3], 1);
             vp->vp_strvalue[(i * 3) + 2] = '-';
         }

         vp->vp_strvalue[(5*3)+2] = '\0';
         vp->length = (5*3)+2;

         DEBUG2("rlm_wimax: Fixing WiMAX binary Calling-Station-Id to %s",
                buffer);
     }

can be easily translated to perl to rewrite the calling-station-id (only 
when it does not meet the standard), as that module works fine and is 
correctly compiled?

If so, would anyone here be able to mash up a few lines of perl code to 
this end? Please? I, unfortunately am not familiar enough with c to 
translate the logic behind the code above flawlessly.

Hopefully,

JamesTM

Irrationally held truths may be more harmful than reasoned errors.
   - Thomas H. Huxley


On 10/05/2011 02:10 PM, freeradius-users-request at lists.freeradius.org 
wrote:
> Send Freeradius-Users mailing list submissions to
> 	freeradius-users at lists.freeradius.org
>
> To subscribe or unsubscribe via the World Wide Web, visit
> 	http://lists.freeradius.org/mailman/listinfo/freeradius-users
> or, via email, send a message with subject or body 'help' to
> 	freeradius-users-request at lists.freeradius.org
>
> You can reach the person managing the list at
> 	freeradius-users-owner at lists.freeradius.org
>
> When replying, please edit your Subject line so it is more specific
> than "Re: Contents of Freeradius-Users digest..."
>
>
> Today's Topics:
>
>     1. Re: FreeRadius with Eduroam - Accounting (Alan DeKok)
>     2. Re: MySQL and FreeRADIUS environment (tonimanel)
>     3. Re: FreeRadius with Eduroam - Accounting (Phil Mayers)
>     4. Mac access mixed ldap access same NAS (Alejandro Gandara)
>     5. Re: MySQL and FreeRADIUS environment (Fajar A. Nugraha)
>     6. Re: MySQL and FreeRADIUS environment (tonimanel)
>     7. MySQL and FreeRADIUS environment (tonimanel)
>     8. Re: MySQL and FreeRADIUS environment (Alan DeKok)
>     9. Re: MySQL and FreeRADIUS environment (tonimanel)
>
>
> ----------------------------------------------------------------------
>
> Message: 1
> Date: Wed, 05 Oct 2011 12:09:39 +0200
> From: Alan DeKok<aland at deployingradius.com>
> Subject: Re: FreeRadius with Eduroam - Accounting
> To: FreeRadius users mailing list
> 	<freeradius-users at lists.freeradius.org>
> Message-ID:<4E8C2CE3.7000802 at deployingradius.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> Arran Cudbard-Bell wrote:
>> It's a bad way of doing it. At least with replicate every accounting packet has a chance... Using Acct-Delay-Time you'll end up dumping anywhere between 1-15 seconds accounting data for all realms if one realm is unreachable.
>    <shrug>
>
> 	if (Packet-Transmit-Counter>  5) {
> 		ok
> 	} else {
> 		... proxy ...
> 	}
>
>    If the home server doesn't get it after 5 tries, throw it away.
>
>    In 2.1.10&  later, IIRC.
>
>    Alan DeKok.
>
>
> ------------------------------
>
> Message: 2
> Date: Wed, 5 Oct 2011 03:49:16 -0700 (PDT)
> From: tonimanel<antoniofernandez at fabergames.com>
> Subject: Re: MySQL and FreeRADIUS environment
> To: freeradius-users at lists.freeradius.org
> Message-ID:<1317811756198-4872269.post at n5.nabble.com>
> Content-Type: text/plain; charset=us-ascii
>
> My FreeRADIU version is 2.1.10 on Debian. Suggest me update? Or is a valid
> verstion to work and implement freeradius replication with radrelay?
>
> Thanks,
>
> --
> View this message in context: http://freeradius.1045715.n5.nabble.com/MySQL-and-FreeRADIUS-environment-tp4845985p4872269.html
> Sent from the FreeRadius - User mailing list archive at Nabble.com.
>
>
> ------------------------------
>
> Message: 3
> Date: Wed, 05 Oct 2011 11:50:12 +0100
> From: Phil Mayers<p.mayers at imperial.ac.uk>
> Subject: Re: FreeRadius with Eduroam - Accounting
> To: freeradius-users at lists.freeradius.org
> Message-ID:<4E8C3664.5070000 at imperial.ac.uk>
> Content-Type: text/plain; charset=ISO-8859-1; format=flowed
>
> On 05/10/11 09:56, Arran Cudbard-Bell wrote:
>> On 5 Oct 2011, at 10:40, Phil Mayers wrote:
>>
>>> On 10/05/2011 09:26 AM, Alan DeKok wrote:
>>>> Phil Mayers wrote:
>>>>> I guess that's ok, in that it stops an unresponsive realm
>>>>> blocking other realms, but wouldn't another solution be to add
>>>>> a config item to the detail reader to drop packets which are>X
>>>>> seconds old?
>>>> if (Acct-Delay-Time>    3600) { ok } else { ... do proxy .... }
>>>
>>> Ah ha! Clever. I had forgotten the detail reader created/updated
>>> that attribute. Yay FreeRADIUS!
>> It's a bad way of doing it. At least with replicate every accounting
>> packet has a chance... Using Acct-Delay-Time you'll end up dumping
>> anywhere between 1-15 seconds accounting data for all realms if one
>> realm is unreachable.
> Whereas with rlm_replicate, you risk dropping arbitrary accounting
> packets because there is no retry. There is no ideal solution, because
> radius accounting was never designed for the kind of loosely-coupled
> federation that is Eduroam.
>
> For me, since most Eduroam sites don't care about receiving federated
> accounting, my primary concern is for my server to carry on functioning,
> and that means the detail file should not grow without bound. I don't
> really care how that happens - as long as it does.
>
>
>
> ------------------------------
>
> Message: 4
> Date: Wed, 5 Oct 2011 13:06:33 +0200
> From: Alejandro Gandara<agandara at optaresolutions.com>
> Subject: Mac access mixed ldap access same NAS
> To: FreeRadius users mailing list
> 	<freeradius-users at lists.freeradius.org>
> Message-ID:
> 	<CAF40+uwJa0dZ-3YNcr=QkRu1NUrL6Lhy77W2RhEPDuNWjtbGkg at mail.gmail.com>
> Content-Type: text/plain; charset="iso-8859-1"
>
> Hi list,
>
> does someone know if Its possible mix MAC auth with ldap AUTH in the same
> NAS.
>
> I mean, I have multiple connection to one NAS but a few users will access
> through mac address, and others will access trhough auth ldap + passwords.
>
> Nowadays Ive configured ldap access but I dont know how to configure
> freeradius to allow connect a few users(16-20) trhough mac auth.
>
> As always thanks you very much for your time and peacence.
>
> Regards,
>
> Alejandro G?ndara
> Junior System Administrator
> -------------- next part --------------
> An HTML attachment was scrubbed...
> URL:<https://lists.freeradius.org/pipermail/freeradius-users/attachments/20111005/89d60099/attachment.html>
>
> ------------------------------
>
> Message: 5
> Date: Wed, 5 Oct 2011 18:12:15 +0700
> From: "Fajar A. Nugraha"<list at fajar.net>
> Subject: Re: MySQL and FreeRADIUS environment
> To: FreeRadius users mailing list
> 	<freeradius-users at lists.freeradius.org>
> Message-ID:
> 	<CAG1y0scaQb6etjqx9n2KAk1mxKrqGKgU3=bDsBz5ntaxUuMVYA at mail.gmail.com>
> Content-Type: text/plain; charset=ISO-8859-1
>
> On Wed, Oct 5, 2011 at 4:57 PM, tonimanel
> <antoniofernandez at fabergames.com>  wrote:
>> Hi again,
>>
>> How can I do freeradius replication with radrelay? Do you know any tutorial
>> or howto?
> Have you READ the suggested documentation? For example, Alan said
> "Also, raddb/sites-available/copy-acct-to-home-server"
>
> I also wrote earlier rerarding FR-managed replication: "In this setup
> the user data needs to be synced manually though."
>



More information about the Freeradius-Users mailing list