HEX Stripping using attr_rewrite

Simon Allard Simon.Allard at team.orcon.net.nz
Wed Jun 4 02:02:23 CEST 2014 

Hi Freeradius list :-)

I am have a bit of an issue with the stripping hex values from my ADSL-Agent-Remote-ID field in my Auth packet.

I am using an Alcatel-Lucent 7750SR platform and for some reason they decided when converting a DHCPv6 packet into a radius packet it appends the Enterprise ID (which is a hex number) into the ADSL-Agent-Remote-ID.

I end up with a packet looking like this:

        User-Name = "MDR-POLT01 eth 1/1/01/01/4/1/1:10"
        User-Password = ""
        NAS-IP-Address = 60.xxx.xxx.xxx
        ADSL-Agent-Circuit-Id = "MDR-POLT01 eth 1/1/01/01/4/1/1:10"
        ADSL-Agent-Remote-Id = "\000\000\000\001CHORUS1234567894"
        NAS-Port-Type = Ethernet
        NAS-Port-Id = "pw-2:1101.104"
        Calling-Station-Id = "\000\000\000\001CHORUS1234567894"
        NAS-Identifier = "bng"
        Acct-Session-Id = "E1F15900F37E74538D434C"

The issue I seem to be running into, since \000 is a termination value, that freeradius sees the value of attribute ADSL-Agent-Remote-Id as blank. Example below.

[sql]   expand: %{Orcon-User-Name} ->
:
        User-Name = "MDR-POLT01 eth 1/1/01/01/4/1/1:10"
        User-Password = ""
        NAS-IP-Address = 60.xx.xx.xx
        ADSL-Agent-Circuit-Id = "MDR-POLT01 eth 1/1/01/01/4/1/1:10"
        ADSL-Agent-Remote-Id = "\000\000\000\001CHORUS1234567894"
        NAS-Port-Type = Ethernet
        NAS-Port-Id = "pw-2:1101.104"
        Calling-Station-Id = "\000\000\000\001CHORUS1234567894"
        NAS-Identifier = "bng1"
        Acct-Session-Id = "E1F15900F40272538D8D8E"
+- entering group authorize {...}
++[preprocess] returns ok
[suffix] No '@' in User-Name = "MDR-POLT01 eth 1/1/01/01/4/1/1:10", looking up realm NULL
[suffix] No such realm "NULL"
++[suffix] returns noop
[files]         expand: %{ADSL-Agent-Circuit-Id} -> MDR-POLT01 eth 1/1/01/01/4/1/1:10
++[files] returns noop
[sane_dhcpv6_chorus]    expand: \000\000\000\001 -> \000\000\000\001
sane_dhcpv6_chorus: Does not match: ADSL-Agent-Remote-Id =
sane_dhcpv6_chorus: Could not find value pair for attribute ADSL-Agent-Remote-Id
++[sane_dhcpv6_chorus] returns ok


My attr_rewrite code is:
attr_rewrite sane_dhcpv6_chorus {
        attribute = ADSL-Agent-Remote-Id
        searchin = packet
        searchfor = "\\000\\000\\000\\001"
        replacewith = ""
        ignore_case = no
        new_attribute = no
        max_matches = 10

        ## If set to yes then the replace string will be
        ## appended to the original string
        append = no
}

I have raised the issue with the vendor, but I am not holding my breath for a fix anytime soon.

Are there any other options in freeradius to get around this?

More information about the Freeradius-Users mailing list