3.0.18: operator = not behaving as expected after proxying to virtual server

Nathan Ward lists+freeradius at daork.net
Sat Apr 6 13:22:30 CEST 2019

> On 6/04/2019, at 11:26 PM, stefan.winter at restena.lu wrote:
> post-proxy {
>        update reply {
>                Cisco-Account-Info = "ASERVICE_INTERNET-DEFAULT",
>                Session-Timeout = 86400,
>                Idle-Timeout = 7200
>        }
>        post_proxy_log
> }

I’m not sure if this is the issue - and you haven’t posted debug info so it’s hard to see what’s happening - but I wonder if the trailing commas causes problems - they’re not something you do in unlang.

> This seems to be a bug: Session timeout is already set, and the = operator should refrain from changing the existing value. And also, it should detect that it is doing something non-RFC compliant by adding it twice.

I don’t know if it’s FR’s job to determine RFC compliance in terms of how many times and attribute is listed. Often, weird stuff like that is required for poorly implemented NASes. It should allow you to configure it to do weird stuff.

Nathan Ward

More information about the Freeradius-Users mailing list