HEX Stripping using attr_rewrite
Peter Lambrechtsen
peter at crypt.co.nz
Wed Jun 4 03:25:24 CEST 2014
As per the email I sent to you off-list, this should fix it:
if ( ADSL-Agent-Remote-Id =~ /\\001(.*)/ ){
update request {
ADSL-Agent-Remote-Id := "%{1}"
}
}
On Wed, Jun 4, 2014 at 12:02 PM, Simon Allard <
Simon.Allard at team.orcon.net.nz> wrote:
> Hi Freeradius list :-)
>
> I am have a bit of an issue with the stripping hex values from my
> ADSL-Agent-Remote-ID field in my Auth packet.
>
> I am using an Alcatel-Lucent 7750SR platform and for some reason they
> decided when converting a DHCPv6 packet into a radius packet it appends the
> Enterprise ID (which is a hex number) into the ADSL-Agent-Remote-ID.
>
> I end up with a packet looking like this:
>
> User-Name = "MDR-POLT01 eth 1/1/01/01/4/1/1:10"
> User-Password = ""
> NAS-IP-Address = 60.xxx.xxx.xxx
> ADSL-Agent-Circuit-Id = "MDR-POLT01 eth 1/1/01/01/4/1/1:10"
> ADSL-Agent-Remote-Id = "\000\000\000\001CHORUS1234567894"
> NAS-Port-Type = Ethernet
> NAS-Port-Id = "pw-2:1101.104"
> Calling-Station-Id = "\000\000\000\001CHORUS1234567894"
> NAS-Identifier = "bng"
> Acct-Session-Id = "E1F15900F37E74538D434C"
>
> The issue I seem to be running into, since \000 is a termination value,
> that freeradius sees the value of attribute ADSL-Agent-Remote-Id as blank.
> Example below.
>
> [sql] expand: %{Orcon-User-Name} ->
> :
> User-Name = "MDR-POLT01 eth 1/1/01/01/4/1/1:10"
> User-Password = ""
> NAS-IP-Address = 60.xx.xx.xx
> ADSL-Agent-Circuit-Id = "MDR-POLT01 eth 1/1/01/01/4/1/1:10"
> ADSL-Agent-Remote-Id = "\000\000\000\001CHORUS1234567894"
> NAS-Port-Type = Ethernet
> NAS-Port-Id = "pw-2:1101.104"
> Calling-Station-Id = "\000\000\000\001CHORUS1234567894"
> NAS-Identifier = "bng1"
> Acct-Session-Id = "E1F15900F40272538D8D8E"
> +- entering group authorize {...}
> ++[preprocess] returns ok
> [suffix] No '@' in User-Name = "MDR-POLT01 eth 1/1/01/01/4/1/1:10",
> looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [files] expand: %{ADSL-Agent-Circuit-Id} -> MDR-POLT01 eth
> 1/1/01/01/4/1/1:10
> ++[files] returns noop
> [sane_dhcpv6_chorus] expand: \000\000\000\001 -> \000\000\000\001
> sane_dhcpv6_chorus: Does not match: ADSL-Agent-Remote-Id =
> sane_dhcpv6_chorus: Could not find value pair for attribute
> ADSL-Agent-Remote-Id
> ++[sane_dhcpv6_chorus] returns ok
>
>
> My attr_rewrite code is:
> attr_rewrite sane_dhcpv6_chorus {
> attribute = ADSL-Agent-Remote-Id
> searchin = packet
> searchfor = "\\000\\000\\000\\001"
> replacewith = ""
> ignore_case = no
> new_attribute = no
> max_matches = 10
>
> ## If set to yes then the replace string will be
> ## appended to the original string
> append = no
> }
>
> I have raised the issue with the vendor, but I am not holding my breath
> for a fix anytime soon.
>
> Are there any other options in freeradius to get around this?
>
>
> -
> List info/subscribe/unsubscribe? See
> http://www.freeradius.org/list/users.html
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.freeradius.org/pipermail/freeradius-users/attachments/20140604/ab8ed4e0/attachment.html>
More information about the Freeradius-Users
mailing list