On 28/04/15 22:47, Alan DeKok wrote:
On Apr 28, 2015, at 1:18 PM, Gerald Vogt <vogt@spamcop.net> wrote:
I thought it has been established it is a bug.
No. If, as you claim, it doesn't work, then it's a bug. The argument here was you haven't shown your claims.
I have attached the full output of a test run of a eap-peap authentication from a new CentOS 7 freeradius-3.0.4-6.el7.x86_64 installation.
As you can see outer.request:Called-Station-SSID and outer.Called-Station-SSID don't return anything but "%{outer.request:Called-Station-SSID}" does.
Because your tests are wrong.
Because I created a test configuration after it was still not considered enough debug output I have posted before. There I accidentally missed the &. My previous tests where in my "real" configuration and included the & as I always copied the text from the previous e-mails and copied the results into my e-mails. Previously it was with & and it showed exactly the same as without &. And that's also why I have missed the missing & in the test configuration: debug output is identical with and without &.
authorize { + update request { + Called-Station-SSID := outer.request:Called-Station-SSID
See "man unlang". This is documented.
This configuration is the same as:
update request { Called-Station-SSID := "outer.request:Called-Station-SSID" }
No. It's not. It definitively not the same. The former does basically nothing. Called-Station-SSID gets no value assigned. The latter assigns the string contained in quotes.
Because you're not doing:
update request { Called-Station-SSID := &outer.request:Called-Station-SSID }
And now I do it and it still doesn't make any difference. The outcome is exactly the same to the one without &.
As is documented by "man unlang".
So all of this back and forth could have been simplified by (a) describing exactly what you're doing, and not "it doesn't get updated", and (b) providing the debug output.
I did that all the time before and it was with & as I also wrote a couple of times before. So here we go again, and as probably noone would believe me if I wrote I only changed this&that to the previous tests I post everything all over again below and attached. I clear the attribute again before each assignment to avoid mixup with previously set values, but yes, I have made tests without that placing only a single assignment in for tests showing the same results as in this big "combined" test. As you can see from the debug output, the same happens with and without ampersand. As you can also see, assigning without ampersand is not the same as assigning as string in double quotes. As you can also see, only the last form gets the real value from the outer. Here are all the changes to the originally distributed files which came from the CentOS 7.1 distribution: I have added those two lines at the end of users: bob Cleartext-Password := "hello" Reply-Message := "Hello, %{User-Name}" and those two diffs: *** sites-available/default 2015-03-06 00:41:49.000000000 +0100 --- sites-enabled/default 2015-04-28 18:04:58.954102428 +0200 *************** *** 331,336 **** --- 331,338 ---- suffix # ntdomain + rewrite_called_station_id + # # This module takes care of EAP-MD5, EAP-TLS, and EAP-LEAP # authentication. *************** *** 517,522 **** --- 519,526 ---- preacct { preprocess + rewrite_called_station_id + # # Merge Acct-[Input|Output]-Gigawords and Acct-[Input-Output]-Octets # into a single 64bit counter Acct-[Input|Output]-Octets64. *** sites-available/inner-tunnel 2015-03-06 00:41:49.000000000 +0100 --- sites-enabled/inner-tunnel 2015-04-29 07:33:02.778593360 +0200 *************** *** 46,51 **** --- 46,115 ---- # Make *sure* that 'preprocess' comes before any realm if you # need to setup hints for the remote radius server authorize { + update request { + Called-Station-SSID !* ANY + Called-Station-SSID := outer.request:Called-Station-SSID + } + if ( Called-Station-SSID ) { + update reply { + Reply-Message += "1: Called-Station-SSID = %{Called-Station-SSID}" + } + } + update request { + Called-Station-SSID !* ANY + Called-Station-SSID := "outer.request:Called-Station-SSID" + } + if ( Called-Station-SSID ) { + update reply { + Reply-Message += "1a: Called-Station-SSID = %{Called-Station-SSID}" + } + } + update request { + Called-Station-SSID !* ANY + Called-Station-SSID := &outer.request:Called-Station-SSID + } + if ( Called-Station-SSID ) { + update reply { + Reply-Message += "1b: Called-Station-SSID = %{Called-Station-SSID}" + } + } + update request { + Called-Station-SSID !* ANY + Called-Station-SSID := outer.Called-Station-SSID + } + if ( Called-Station-SSID ) { + update reply { + Reply-Message += "2: Called-Station-SSID = %{Called-Station-SSID}" + } + } + update request { + Called-Station-SSID !* ANY + Called-Station-SSID := "outer.Called-Station-SSID" + } + if ( Called-Station-SSID ) { + update reply { + Reply-Message += "2a: Called-Station-SSID = %{Called-Station-SSID}" + } + } + update request { + Called-Station-SSID !* ANY + Called-Station-SSID := &outer.Called-Station-SSID + } + if ( Called-Station-SSID ) { + update reply { + Reply-Message += "2b: Called-Station-SSID = %{Called-Station-SSID}" + } + } + update request { + Called-Station-SSID !* ANY + Called-Station-SSID := "%{outer.request:Called-Station-SSID}" + } + if ( Called-Station-SSID ) { + update reply { + Reply-Message += "3: Called-Station-SSID = %{Called-Station-SSID}" + } + } + # # The chap module will set 'Auth-Type := CHAP' if we are # handling a CHAP request and Auth-Type has not already been set -Gerald