HEX Stripping using attr_rewrite

Peter Lambrechtsen peter at crypt.co.nz
Wed Jun 4 03:25:24 CEST 2014


As per the email I sent to you off-list, this should fix it:

        if ( ADSL-Agent-Remote-Id =~ /\\001(.*)/ ){
                update request {
                        ADSL-Agent-Remote-Id := "%{1}"
                }
        }



On Wed, Jun 4, 2014 at 12:02 PM, Simon Allard <
Simon.Allard at team.orcon.net.nz> wrote:

> Hi Freeradius list :-)
>
> I am having a bit of an issue with stripping hex values from my
> ADSL-Agent-Remote-ID field in my Auth packet.
>
> I am using an Alcatel-Lucent 7750SR platform and for some reason they
> decided when converting a DHCPv6 packet into a radius packet it appends the
> Enterprise ID (which is a hex number) into the ADSL-Agent-Remote-ID.
>
> I end up with a packet looking like this:
>
>         User-Name = "MDR-POLT01 eth 1/1/01/01/4/1/1:10"
>         User-Password = ""
>         NAS-IP-Address = 60.xxx.xxx.xxx
>         ADSL-Agent-Circuit-Id = "MDR-POLT01 eth 1/1/01/01/4/1/1:10"
>         ADSL-Agent-Remote-Id = "\000\000\000\001CHORUS1234567894"
>         NAS-Port-Type = Ethernet
>         NAS-Port-Id = "pw-2:1101.104"
>         Calling-Station-Id = "\000\000\000\001CHORUS1234567894"
>         NAS-Identifier = "bng"
>         Acct-Session-Id = "E1F15900F37E74538D434C"
>
> The issue I seem to be running into is that, since \000 is a termination
> value, freeradius sees the value of attribute ADSL-Agent-Remote-Id as blank.
> Example below.
>
> [sql]   expand: %{Orcon-User-Name} ->
> :
>         User-Name = "MDR-POLT01 eth 1/1/01/01/4/1/1:10"
>         User-Password = ""
>         NAS-IP-Address = 60.xx.xx.xx
>         ADSL-Agent-Circuit-Id = "MDR-POLT01 eth 1/1/01/01/4/1/1:10"
>         ADSL-Agent-Remote-Id = "\000\000\000\001CHORUS1234567894"
>         NAS-Port-Type = Ethernet
>         NAS-Port-Id = "pw-2:1101.104"
>         Calling-Station-Id = "\000\000\000\001CHORUS1234567894"
>         NAS-Identifier = "bng1"
>         Acct-Session-Id = "E1F15900F40272538D8D8E"
> +- entering group authorize {...}
> ++[preprocess] returns ok
> [suffix] No '@' in User-Name = "MDR-POLT01 eth 1/1/01/01/4/1/1:10",
> looking up realm NULL
> [suffix] No such realm "NULL"
> ++[suffix] returns noop
> [files]         expand: %{ADSL-Agent-Circuit-Id} -> MDR-POLT01 eth
> 1/1/01/01/4/1/1:10
> ++[files] returns noop
> [sane_dhcpv6_chorus]    expand: \000\000\000\001 -> \000\000\000\001
> sane_dhcpv6_chorus: Does not match: ADSL-Agent-Remote-Id =
> sane_dhcpv6_chorus: Could not find value pair for attribute
> ADSL-Agent-Remote-Id
> ++[sane_dhcpv6_chorus] returns ok
>
>
> My attr_rewrite code is:
> attr_rewrite sane_dhcpv6_chorus {
>         attribute = ADSL-Agent-Remote-Id
>         searchin = packet
>         searchfor = "\\000\\000\\000\\001"
>         replacewith = ""
>         ignore_case = no
>         new_attribute = no
>         max_matches = 10
>
>         ## If set to yes then the replace string will be
>         ## appended to the original string
>         append = no
> }
>
> I have raised the issue with the vendor, but I am not holding my breath
> for a fix anytime soon.
>
> Are there any other options in freeradius to get around this?
>
>