proxy problems with 2.0.5
Pshem Kowalczyk
pshem.k at gmail.com
Tue Jun 10 02:02:23 CEST 2008
Hi,
For some reason the module returns noop ;-( I tried the following:
I created new 'files' instance:
files post_proxy_files {
usersfile = ${confdir}/post-proxy-users
acctusersfile = ${confdir}/post-proxy-users
auth_usersfile = ${confdir}/post-proxy-users
postproxy_usersfile = ${confdir}/post-proxy-users
postauth_usersfile = ${confdir}/post-proxy-users
}
(yes it's an overkill, I just tried to figure out which file is the
one to be read during that phase)
The post-proxy-users has the following syntax:
DEFAULT NAS-IP-Address == '10.119.255.244'
Cisco-AVpair += "ip:dns-servers=x.y.129.67 x.y.129.68",
Framed-Pool += "wc-1",
Huawei-Primary-DNS += "x.y.129.67",
Huawei-Secondary-DNS += "x.y.129.68"
(which is the same as the 'auth' section, without the Proxy-To-Realm statement).
and the post-proxy section:
post-proxy {
post_proxy_files
$INCLUDE post-proxy.conf
attr_filter.post-proxy
# reply_log
}
During the debug I get the following:
Going to the next request
rad_recv: Access-Accept packet from host 127.0.0.1 port 1815, id=175, length=57
IHUG-Speed-Down = "64"
IHUG-Speed-Up = "64"
Framed-Protocol = PPP
Service-Type = Framed-User
Proxy-State = 0x323339
+- entering group post-proxy
++[post_proxy_files] returns noop
Which suggests that the module didn't find anything worth dwelling on.
So I made a small experiment - replaced the entry in the users file with:
DEFAULT Framed-Protocol == PPP
Cisco-AVpair += "ip:dns-servers=x.y.129.67 x.y.129.68",
Framed-Pool += "ihug-wc-1",
Huawei-Primary-DNS += "x.y.129.67",
Huawei-Secondary-DNS += "x.y.129.68"
(to match the reply from the home server) and I got exactly what I wanted:
+- entering group post-proxy
postproxy_users: Matched entry DEFAULT at line 4
++[post_proxy_files] returns ok
and it returned the whole answer.
Reading rlm_files.c I found the following:
static int file_postproxy(void *instance, REQUEST *request)
{
struct file_instance *inst = instance;
return file_common(inst, request, "postproxy_users",
inst->postproxy_users,
request->proxy_reply->vps, &request->reply->vps);
}
does that mean that in fact looks for the match only in the
'proxy-reply' packet?
I guess the easiest way to fix this is to use unlang to update the
reply packet based on information from either control or request
attributes.
kind regards
Pshem
More information about the Freeradius-Users
mailing list