Hi, I'm using freeradius version 1.3. I need to send CoA requests to a Juniper-ERX containing salted VSA "ERX-LI-Action=enable". radclient says it is unable to "salt" this vp's. If someone could help extending radclient or tell me another way how to send salted CoA requests I'd appreciate. Here's what raclient tells: echo "Acct-Session-Id = 0020049806" | radclient -f /sendcoa.txt -x localhost coa test Sending CoA-Request of id 62 to 127.0.0.1 port 1700 ERX-LI-Action = on radclient: Failed to send packet for ID 62: ERROR: No request packet, cannot encrypt ERX-LI-Action attribute in the vp. The input file looks like: ERX-LI-Action=1 ERX-Med-Ip-Address=1.1.1.1 ERX-Med-Dev-Handle=1234 ERX-Med-Port-Number=5061 The dictionary like: ATTRIBUTE ERX-LI-Action 58 integer encrypt=2 ATTRIBUTE ERX-Med-Dev-Handle 59 octets encrypt=2 ATTRIBUTE ERX-Med-Ip-Address 60 ipaddr encrypt=2 ATTRIBUTE ERX-Med-Port-Number 61 integer encrypt=2 Thanks, Raphael __________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Birchmeier Raphael <birchrap@yahoo.com> wrote:
I'm using freeradius version 1.3. I need to send CoA requests to a Juniper-ERX containing salted VSA "ERX-LI-Action=enable".
Does Juniper document that as being possible?
If someone could help extending radclient or tell me another way how to send salted CoA requests I'd appreciate.
The algorithm used for encrypting the salted attributes requires that they only be sent in reply packets. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
Hi Alan, thanks a lot for your response! Juniper states it's possbile in CoA messages. However with hidden commands the requirement for encrypted VSA's can be disabled on the BRAS. But of course this is not what I want outside a lab-enviroment. Can somehow the same SW parts as for radius-reply being used for radclient? Thanks, Raphael --- Alan DeKok <aland@deployingradius.com> wrote:
Birchmeier Raphael <birchrap@yahoo.com> wrote:
I'm using freeradius version 1.3. I need to send CoA requests to a Juniper-ERX containing salted VSA "ERX-LI-Action=enable".
Does Juniper document that as being possible?
If someone could help extending radclient or tell me another way how to send salted CoA requests I'd appreciate.
The algorithm used for encrypting the salted attributes requires that they only be sent in reply packets.
Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
__________________________________________________ Do You Yahoo!? Tired of spam? Yahoo! Mail has the best spam protection around http://mail.yahoo.com
Birchmeier Raphael <birchrap@yahoo.com> wrote:
Juniper states it's possbile in CoA messages.
Ok... HOW? As I said, the algorithm for the encryption is documented as working only for reply packets. It's nice that Juniper has extended this to work elsewhere, but if we don't know how they've extended it, we can't implement the algorithm.
Can somehow the same SW parts as for radius-reply being used for radclient?
Huh? What does that mean? All of the RADIUS code is in libradius, which is used both by the server, and by radclient. Alan DeKok. -- http://deployingradius.com - The web site of the book http://deployingradius.com/blog/ - The blog
participants (2)
-
Alan DeKok -
Birchmeier Raphael