rlm_python: Access Request source IP Address is missing from authorize(p) function argument

Alan DeKok aland at deployingradius.com
Sat May 30 15:21:20 CEST 2020

On May 29, 2020, at 11:28 PM, Gleb Lisikh <in4bit.general at gmail.com> wrote:
> I'd like to be able to work in my python authorize function with the IP
> address of the NAS interface from which Access-Request is received
> (external). From the radiusd -X output this is the A1.A2.A3.A4 address I am
> interested in.
> =========================================
> Received Access-Request Id 7 from A1.A2.A3.A4:54594 to B1.B2.B3.B4:1812
> length 415
> ==========================================
> This is the same IP address that gets tested against shared secret
> configured in clients.conf
> Unfortunately, the tuple (p) that gets passed to the authorize function
> (authorize(p)) by rlm_python has a different (internal) NAS-IP-Address,
> which is of no use to me.

  The attributes which get passed to Python are the ones in the packet.  Not the various IP / UDP headers.

> If radiusd is in principle aware of the A1.A2.A3.A4  IP address I am
> interested in, how can I gain  access to it in my python authorize(p) or
> any other function?

  You can get the source IP and convert it to a real attribute:

	update request {
		Packet-Src-IP-Address := "%{Packet-Src-IP-Address}"

  It's a little weird, but this "realizes" the virtual src IP into a real attribute.

  Alan DeKok.

More information about the Freeradius-Users mailing list