returning a HEX String as a HEX String (bit string) instead of the decimal equivalent - FreeRADIUS 2.1.10

Arran Cudbard-Bell a.cudbardb at freeradius.org
Wed Aug 7 12:21:21 CEST 2013 




On 7 Aug 2013, at 10:56, Alex Sharaz <alex.sharaz at york.ac.uk> wrote:

> Works here just fine. Once you've created the correctly formatted value for the radius attribute FR displays it as an integer but whatever happens in the background the HP switch just "does its  stuff "

Yes the HP switch correctly parses the 4byte octet string sent by the RADIUS server.  There's no magic here, the RADIUS server does not communicate to the NAS that the value was once treated as an integer.

I've already sent you a screenshot of the raw value off list, I'm not sure what else I can do to convince you that this is expected and non-magical behaviour.

I'm honestly not entirely sure why the freeradius dictionary has the attribute as an unsigned int. Possibly for efficiency or for use with systems that already deal with VLAN IDs as native width integers (almost all interpreted languages use integers of a width >= 32bits by default).



> Rgds
> A
> 
> Sent from my iPhone
> 
> On 6 Aug 2013, at 00:39, Andy <andy at brandwatch.com> wrote:
> 
>> Hello,
>> 
>> This is my first post here so please excuse any missed etiquette.
>> 
>> I have read through the wiki's and googled a lot and not found anything.
>> 
>> I have been trying configure our switch ports (HP 2910al) with Tagged VLANs via Egress-VLANID and Egress-VLAN-Name.
>> 
>> The Radius backend is OpenLDAP, and I have tried setting the data type in OpenLDAP to binary, UTF-8 and IA5, but no matter what I do, the value returned by RADIUS is the decimal equivalent of the HEX bit string I enter :(
>> 
>> For example I'm trying to store and send 0x31000012 to indicate a tagged VLAN (0x31) on VLAN 12. But looking at freeradius -X output I can see it sending the decimal number, when the switch wants the bit string as it was stored, and hence throws an error!
>> 
>> Is this a FreeRADIUS thing or an OpenLDAP data type thing?
>> 
>> Any help and advice would be greatly appreciated as I'm stuck.
>> Thanks in advance, Andy.
>> -
>> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list