Cisco VSA hack

Alan DeKok aland at ox.org
Thu Feb 2 18:05:57 CET 2006


Peter Hicks <peter.hicks at poggs.co.uk> wrote:
> I've set with_cisco_vsa_hack = yes in radiusd.conf on a box running
> FreeRADIUS 1.0.4, but when running "freeradius -X", I still see accounting
> packets with un-hacked Cisco-AVPair entries during debug:
> 
>  rad_recv: Accounting-Request packet from host xxxx:1636, id=198, length=292

  That prints what's in the packet as received.  It happens *long*
before any "with_cisco_vsa_hack" is processed.

  And saying "I've set with_cisco_vsa_hack = yes in radiusd.conf"
confuses the issue.  You set it in the configuration for a module in
radiusd.conf.  So... the logical conclusion would be that it affects
only the module, which isn't being executed until after that debug
output is printed.

  Again, reading debug mode should make this clear.

> Is this output merely the accounting request packet as it's
> received, before preprocessing and the cisco_vsa_hack taking place?

  Yes.  Read the debug output.  The packet is printed, and some time
later the preprocess module is run.

> Can anyone clarify what's happening, please?  I'd be pleasantly surprised if
> I'm wrong and I really can start using the contents of Cisco-AVPairs for
> accounting.

  For accounting... what?  You can already log them to the detail
file.  What else do you want to do?

  Alan DeKok.



More information about the Freeradius-Users mailing list