variable expansion in update coa

Chocoflex Mamba burvinch at gmail.com
Wed Aug 29 16:54:02 CEST 2012 

Hi everybody !

I've configured freeradius with an ldap backend. I had to create new
attributes that are sent correctly in the reply. But when i try to put
these attributes in the "update coa", the value of these variable are
empty. I've tried the syntax %<reply>Attribute-Name but it's still empty.
Here the debug output if someone can give me a hint :

 ... adding new socket proxy address * port 54865
 ... adding new socket proxy address * port 44764
Listening on authentication address * port 1812
Listening on accounting address * port 1813
Listening on proxy address * port 1814
Ready to process requests.
rad_recv: Access-Request packet from host 127.0.0.1 port 43501, id=62,
length=93
    User-Name = "testuser"
    User-Password = "mypasswd"
    NAS-IP-Address = 172.20.13.27
    NAS-Port = 0
    Framed-IP-Address = 192.168.1.5
    Acct-Session-Id = "539848"
    Message-Authenticator = 0x92985a75e680a1d422ceb47ba117ea62
# Executing section authorize from file /etc/freeradius/sites-enabled/wol
+- entering group authorize {...}
++[preprocess] returns ok
[chocoldap] performing user authorization for testuser
[chocoldap]     expand: %{Stripped-User-Name} ->
[chocoldap]     ... expanding second conditional
[chocoldap]     expand: %{User-Name} -> testuser
[chocoldap]     expand: (uid=%{%{Stripped-User-Name}:-%{User-Name}}) ->
(uid=testuser)
[chocoldap]     expand: ou=wol,dc=labingesys,dc=lan ->
ou=wol,dc=labingesys,dc=lan
  [chocoldap] ldap_get_conn: Checking Id: 0
  [chocoldap] ldap_get_conn: Got Id: 0
  [chocoldap] attempting LDAP reconnection
  [chocoldap] (re)connect to 172.20.13.25:389, authentication 0
  [chocoldap] bind as cn=admin,dc=labingesys,dc=lan/chocolab to
172.20.13.25:389
  [chocoldap] waiting for bind result ...
  [chocoldap] Bind was successful
  [chocoldap] performing search in ou=wol,dc=labingesys,dc=lan, with filter
(uid=testuser)
[chocoldap] checking if remote access for testuser is allowed by uid
[chocoldap] Added User-Password = mypasswd in check items
[chocoldap] No default NMAS login sequence
[chocoldap] looking for check items in directory...
  [chocoldap] userPassword -> Password-With-Header == "mypasswd"
[chocoldap] looking for reply items in directory...
  [chocoldap] AlcSLAProfStr -> Alc-SLA-Prof-Str = "sla-profile2"
  [chocoldap] AlcSubscProfStr -> Alc-Subsc-Prof-Str = "sub-profile1"
[chocoldap] user testuser authorized to use remote access
  [chocoldap] ldap_release_conn: Release Id: 0
++[chocoldap] returns ok
++[chap] returns noop
[pap] Config already contains "known good" password.  Ignoring
Password-With-Header
++[pap] returns updated
    expand: %{User-Name} -> testuser
    expand: %{Acct-Session-Id} -> 539848
    expand: %{NAS-IP-Address} -> 172.20.13.27
    expand: %{Framed-IP-Address} -> 192.168.1.5
    expand: %{Alc-Subsc-Prof-Str#} ->
    expand: %{Alc-SLA-Prof-Str} ->
++[coa] returns updated
Found Auth-Type = PAP
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!    Replacing User-Password in config items with Cleartext-Password.
!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!! Please update your configuration so that the "known good"
!!!
!!! clear text password is in Cleartext-Password, and not in User-Password.
!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
# Executing group from file /etc/freeradius/sites-enabled/wol
+- entering group PAP {...}
[pap] login attempt with password "mypasswd"
[pap] Using clear text password "mypasswd"
[pap] User authenticated successfully
++[pap] returns ok
# Executing section post-auth from file /etc/freeradius/sites-enabled/wol
+- entering group post-auth {...}
++[chocoldap] returns noop
Sending Access-Accept of id 62 to 127.0.0.1 port 43501
    Alc-SLA-Prof-Str = "sla-profile2"
    Alc-Subsc-Prof-Str = "sub-profile1"
# Executing section pre-proxy from file /etc/freeradius/sites-enabled/wol
+- entering group pre-proxy {...}
[pre_proxy_log]     expand:
/var/log/freeradius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d ->
/var/log/freeradius/radacct/127.0.0.1/pre-proxy-detail-20120829
[pre_proxy_log]
/var/log/freeradius/radacct/%{Client-IP-Address}/pre-proxy-detail-%Y%m%d
expands to /var/log/freeradius/radacct/127.0.0.1/pre-proxy-detail-20120829
[pre_proxy_log]     expand: %t -> Wed Aug 29 14:12:29 2012
++[pre_proxy_log] returns ok
Sending CoA-Request of id 238 to 80.236.127.146 port 3799
    User-Name = "testuser"
    Acct-Session-Id = "539848"
    NAS-IP-Address = 172.20.13.27
    Framed-IP-Address = 192.168.1.5
    Alc-Subsc-Prof-Str = ""
    Alc-SLA-Prof-Str = ""
Finished request 0.
Going to the next request
Waking up in 1.9 seconds.
Sending CoA-Request of id 238 to 80.236.127.146 port 3799
    User-Name = "testuser"
    Acct-Session-Id = "539848"
    NAS-IP-Address = 172.20.13.27
    Framed-IP-Address = 192.168.1.5
    Alc-Subsc-Prof-Str = ""
    Alc-SLA-Prof-Str = ""
Waking up in 3.0 seconds.
Cleaning up request 0 ID 62 with timestamp +9
Waking up in 0.7 seconds.
Sending CoA-Request of id 238 to 80.236.127.146 port 3799
    User-Name = "testuser"
    Acct-Session-Id = "539848"
    NAS-IP-Address = 172.20.13.27
    Framed-IP-Address = 192.168.1.5
    Alc-Subsc-Prof-Str = ""
    Alc-SLA-Prof-Str = ""
Waking up in 7.6 seconds

Thanks
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20120829/0d868051/attachment-0001.html>

More information about the Freeradius-Users mailing list