radclient CoA and salt-encrypted attributes
Bjørn Mork
bjorn at mork.no
Thu Dec 13 13:27:00 CET 2007
Hello,
We've been strugglig with CoA and LI on Juniper E-series. The problem
is that JUNOSe by default require a few salt-encrypted VSAs also when
using CoA, which means that they must be encrypted using an accounting
request authenticator.
But the salt-encryption code in libfreeradius bails out unless it is
answering a request:
bmork at xxxx:~/test$ bin/radclient -x -d share/freeradius e320:1700 coa secret -f testfiles/coa2
radclient: Failed to send packet for ID 243: ERROR: No request packet, cannot encrypt ERX-Med-Port-Number attribute in the vp.
Sending CoA-Request of id 243 to 192.168.65.42 port 1700
Acct-Session-Id = "GigabitEthernet 1/0/3.100:100:0005245984"
ERX-Med-Port-Number = 1984
The attached patch will use an accounting request authenticator when
salt-encrypting for accounting, disconnect or coa. It has been verified
to work against JUNOSe 7.3.4:
bmork at xxxx:~/test$ bin/radclient -x -d share/freeradius e320:1700 coa secret -f testfiles/coa2
Sending CoA-Request of id 37 to 192.168.65.42 port 1700
Acct-Session-Id = "GigabitEthernet 1/0/3.100:100:0005246741"
ERX-Med-Port-Number = 1984
ERX-LI-Action = on
ERX-Med-Ip-Address = 10.0.0.2
ERX-Med-Dev-Handle = 0x4000dead
rad_recv: CoA-ACK packet from host 192.168.65.42 port 1700, id=37, length=20
Is this something that could be added to the source? Is the routine
still to file a bug and attach the patch?
Bjørn
-------------- next part --------------
A non-text attachment was scrubbed...
Name: freeradius-HEAD-coa.diff
Type: text/x-diff
Size: 1560 bytes
Desc: not available
URL: <http://lists.freeradius.org/pipermail/freeradius-devel/attachments/20071213/e9cbc541/attachment.diff>
More information about the Freeradius-Devel
mailing list