Proxy replies not getting to/past proxy

Kristina Pfaff-Harris kristina at greatbasin.net
Mon Nov 14 18:59:35 CET 2005


On Fri, 11 Nov 2005, Alan DeKok wrote:

>   Are the attributes being received by the proxy?  If so, which module
> is deleting them?
> 
>   Debug mode should tell you more...

Okey doke. I dunno why I didn't see this before, but I did some more 
testing in debug mode and found that User at realm was not returning the 
attributes I thought it should, whereas just plain "User" was.

I double-checked the attrs file, and it looked like the problem was that I
was expecting, e.g. "Login-Host" where, instead, I was getting
"Login-IP-Host." Since we are using the new dictionary with 1.0.5, I
really should have thought of differences in dictionary names for
attributes.

One problem that I haven't figured out yet, is this: after I worked out
the name thing and put "Login-IP-Host" in attrs, I did have it set to the
same IP as the radius profile, but the attribute still did not go through.  
I ended up doing "Login-IP-Host =* ANY"  which I'm not totally thrilled
with, but which probably isn't going to hurt much.

So. Possibly a minor bug in rlm_attr_filter that's not recognizing it when
I put in the actual IP, or a bug in the documentation not mentioning
special circumstances for IP addresses and Login-IP-Host, or a bug in my
thinking not understanding the documentation? Any ideas?

Also, I didn't see anything in doc/rlm_attr_filter about this but maybe
there could be a note in there saying something like "If you have
attributes in the attrs file and they are still getting filtered,
double-check the attribute names in your current dictionary. E.g. what you
expect to be Login-Host may be Login-IP-Host and Service-Type may be
User-Service-Type or User-Service."

Um ... that is if I'm not completely off base about why it wasn't working 
before. :-)

Thanks again for the suggestion to try debug mode again, Alan. Dang it, I 
swear I did, but I just didn't see it before.

Kristina



More information about the Freeradius-Users mailing list