Unstructured Attr-26 in unlang

Alan DeKok aland at deployingradius.com
Tue Mar 28 17:34:04 CEST 2017


On Mar 28, 2017, at 10:47 AM, Brian Candler <b.candler at pobox.com> wrote:
> 
> (FreeRADIUS 3.0.13 under CentOS)
> 
> I am trying to deal with a broken device (Aten) which requires an unstructured attribute 26 [^1].

  They deserve to be shamed.  There is just no excuse for this kind of stupidity.

> Tue Mar 28 14:01:27 2017 : Error: /etc/raddb/policy.d/localpolicy[155]: Invalid vendor name in attribute name "0x73752f61646d696e6973747261746f72"\

  That's... bizarre.  I've tracked it down and pushed a fix to the error message.

  But the underlying issue is still the same.  The LHS is being converted from Attr-26 to Vendor-Specific, and then tries to parse the RHS as a VSA... which doesn't work.

  We've put some time into fixing this in v4:

https://github.com/FreeRADIUS/freeradius-server/issues/1883

> And if I try this:
> 
>      update reply {
>        &Attr-26 = "su/administrator"
>      }
> 
> Tue Mar 28 14:25:56 2017 : Error: /etc/raddb/policy.d/localpolicy[154]: Must use 'Attr-26 = ...' instead of 'Vendor-Specific = ...'
> 
> That's an even stranger error: I *am* using Attr-26 like it says!!

  That's due to the auto-conversion again.  I'll take a look...

> Any suggestions how I can get this to work, other than switching from unlang to files module?

  Use the files module for now.  The unlang fixes may take a day or so.

  Alan DeKok.




More information about the Freeradius-Users mailing list