modify NAS-Port in incoming messages
Volodymyr Litovka
doka at funlab.cc
Tue Dec 27 15:41:48 UTC 2022
Hi,
just an addition to the thread - after adding ippool to the
configuration, the same mangle with NAS-Port also required in post-auth
section, to allow ippool match requests during authentication and then
accounting stop events.
Thank you.
On 26.12.2022 19:52, Alan DeKok wrote:
> On Dec 26, 2022, at 1:32 PM, Volodymyr Litovka via Freeradius-Users <freeradius-users at lists.freeradius.org> wrote:
>> I tried with this:
>>
>> update request {
>> Tmp-Octets-0 := "%{md5:%{Acct-Session-ID}}"
>> NAS-Port := "%{integer:Tmp-Octets-0}"
>> }
>>
>> and received the following errors: "ERROR: Type 'octets' of length 32 cannot be converted to integer" which is correct because md5 produces 128 bits while documentation says that integer operates with 64-bit values, but this code:
> The MD5 output is coming in as 22 hex characters. The "integer" expansion should grab the lowest bytes, and ignore the rest, but OK.
>
>
>> update request {
>> Tmp-Octets-0 := "%{md5:%{Acct-Session-ID}}"
>> Tmp-Octets-1 := "%{lpad:&Tmp-Octets-0 19}"
>> NAS-Port := "%{integer:Tmp-Octets-1}"
>> }
>>
>> does the job - it truncates md5 hash to 64-bit representation which can be converted to integer. The result is:
>>
>> root at vpn01:/etc/freeradius/3.0# radwho -r
>> doka,doka,shell,S859124016,Mon 17:40,xxx.xxx.xx.xx,100.100.2.1
> That's good.
>
> Alan DeKok.
>
--
Volodymyr Litovka
"Vision without Execution is Hallucination." -- Thomas Edison
More information about the Freeradius-Users
mailing list