2.0.0 documentation for radiusd.conf.

Arran Cudbard-Bell A.Cudbard-Bell at sussex.ac.uk
Thu Jun 14 15:55:03 CEST 2007


Alan Dekok wrote:
> Arran Cudbard-Bell wrote:
> ...
>>          if(("%{2}" == "") || ("%{2}" == "sussex.ac.uk")){
> 
>   You don't need to check if strings are empty like that.  You can do:
> 
> 	if (!"%{2}" || ...
> 
>   which may be easier to read.
> 
>> Oh and empty case statements screw things up in strange and weird ways...
> 
>   I think much of that is just an issue with it not printing the right
> thing in debug mode.
> 
>> case local with content
>>
>> ++- entering switch %{Realm}
>> +++- entering case local
>>          expand: %{Packet-Src-IP-Address} -> 139.184.6.42
>>          expand: %{Packet-Src-IP-Address} -> 139.184.6.42
> ...
> 
>   Not sure why that's happening...
> 
>> But that's pretty minor compared with the bus issue... still trying to 
>> track down what's causing it ... = works fine := breaks ...
> 
>   I just don't see that.  Can you narrow it down to a particular packet,
> and a 5-6 line config?


rad_recv: Access-Request packet from host 139.184.6.42 port 1141, id=42, length=151
         User-Name = "ac221"
         NAS-IP-Address = 127.0.0.1
         NAS-Port = 1
         Called-Station-Id = "00-14-C2-B6-7D-32:eduroam"
         Calling-Station-Id = "00-19-E3-0C-CD-58"
         Framed-MTU = 1400
         NAS-Port-Type = Wireless-802.11
         Connect-Info = "CONNECT 54Mbps 802.11g"
         EAP-Message = 0x0200000a016163323231
         Message-Authenticator = 0xae11e154e1819b9fde40d27a0147ad04
   Processing the authorize section of radiusd.conf
+- entering group authorize
++? if ("%{NAS-IP-Address}" == "127.0.0.1")
         expand: %{NAS-IP-Address} -> 127.0.0.1
? Evaluating ("%{NAS-IP-Address}" == "127.0.0.1") -> TRUE
++? if ("%{NAS-IP-Address}" == "127.0.0.1") -> TRUE
++- entering if ("%{NAS-IP-Address}" == "127.0.0.1")
         expand: %{Packet-Src-IP-Address} -> 139.184.6.42
Bus error

*narrowed*

authorize {
# Some devices send their loopback address as Nas IP Address, overwrite this with packet source.
if("%{NAS-IP-Address}" == "127.0.0.1"){
     update request {
         NAS-IP-Address := "%{Packet-Src-IP-Address}"
     }
}
}
> 
> 
>> HP530s Don't send a service-type in the request, they also send their 
>> loopback address as NAS-IP-Address ?! And they do a weird thing with 
>> appending the SSID to the called-station-id ...
> 
>   That last bit is actually supposed to happen.
> 

Ah, ok.

>> HP 2626 switches, with firmware revision H.10.35 get the first 10 chars 
>> of their own mac address right, then screw up the last two ...
> 
>   Wow...

Yes, last two octets bear no resemblance whatsoever to the base MAC 
*impressed*

-- 
Arran Cudbard-Bell (A.Cudbard-Bell at sussex.ac.uk)
Authentication, Authorisation and Accounting Officer
Infrastructure Services | ENG1 E1-1-08
University Of Sussex, Brighton
EXT:01273 873900 | INT: 3900


