FR 2.2.1 issue

A.L.M.Buxey at lboro.ac.uk A.L.M.Buxey at lboro.ac.uk
Wed Sep 18 21:39:39 CEST 2013


Hi,

>   Can you supply any more information?

yes. I think I've got to the crux of this matter already. i think theres been a change to
the case handling... this is what the old server had


<some logic in place to say if User-Name matches the following regex then set a Realm value>

then

   	switch "%{Realm}" {
         	case "NULL" {
        	}
        	case "local" {
           		eap {
                        	ok = return
	                }
        	}
		case "youth.org" {
                	update control {
                        	Proxy-To-Realm := "youth.org"
                	}
                	update request {
                       		Realm := "youth.org"
                	}
        	}
	        case "ecb-captive" {
                       update control {
                                Proxy-To-Realm := "ecb-captive"
                        }
                        update request {
                                Realm := "ecb-captive"
                        }
		}

		etc etc

note the 'local' handler.

now, what this resulted in was this (tiny snipper of radiusd -X)

++switch %{Realm} {
	expand: %{Realm} -> local
++switch %{Realm} {
+++case local {
[eap] EAP packet type response id 0 length 17
[eap] No EAP Start, assuming it's an on-going EAP conversation
++++[eap] = updated
+++} # case local = updated
+++case youth.org {
++++update control {
++++} # update control = noop
++++update request {
++++} # update request = noop
+++} # case youth.org = updated
++} # switch %{Realm} = updated
[eap] Request is supposed to be proxied to Realm youth.org.  Not doing EAP.



....ah! err, urk.  local requests were being proxied off to another server...which
wasnt expecting them ot the realm etc so was barfing...and our server had lots
of dead proxy attempts...timing out..and hence the duplicates.

if changed the unlang to:


   	switch "%{Realm}" {
         	case "NULL" {
        	}
        	case "local" {
                        update control {
                                Proxy-To-Realm := "local"
                        }
                        update request {
                                Realm := "local"
                        }
		}
		case "youth.org" {
                	update control {
                        	Proxy-To-Realm := "youth.org"
                	}
                	update request {
                       		Realm := "youth.org"
                	}
        	}
		...etc etc

and all appears to be working fine now.... so is the code at fault...or was the original
unlang only just working due to luck/fortune (I didnt write it....but its based on earlier
stuff that I did create - the reason for doing regex/unlang and case statements is to ensure
we're in control of the proxy realm decision and now edge/corner cases creep in. 

many thanks

alan


More information about the Freeradius-Devel mailing list