How to use rewrite.called_station_id IN dynamic clients authorize section
James Wood
james.wood at purplewifi.com
Thu Mar 26 09:35:35 CET 2015
Hi,
We use dynamic clients + sql for our authentication of NAS devices. We also use rlm_raw because we cannot auth on the IP Address (because of not knowing all the dynamic IP's clients are coming from), so we auth on the Called-Station-Id value.
In normal circumstances this works beautifully, but when we have a NAS that sends the Called-Station-Id value as AABBCCDDEEFF with no colon or hyphen, auth fails, because in our SQL database we store the MAC like AA-BB-CC-DD-EE-FF. I already use SQL to replace colon with hyphen, but I am struggling with if it has no delimiter at all. For this particular NAS client, there is no way to change the format of the Called-Station-Id value it is sending so I need something on the FreeRadius side.
I tried using the rewrite.called_station_id module from policy.conf and whilst it does not error it doesn't rewrite the incoming Called-Station-Id to the format I require.
Here is my dynamic clients file:
client dymamic {
...
}
server dynamic_client_server {
authorize {
#Test to see if our required raw attribute exists
if("%{raw:Called-Station-Id}"){
rewrite.called_station_id
#Test to see if it is in the DB
if ("%{sql: select count(*) from nas where community=REPLACE(SUBSTRING(\"%{Called-Station-Id}\",1,17),\":\",\"-\")}" == 1) {
update control {
...
}
ok
}
}
}
}
I suspect it's a problem because we are using raw:Called-Station-Id because before auth Called-Station-Id itself is not accessible.
Is it possible to just have a rewrite block in the authorize section of dynamic clients so it can rewrite the raw value there?
Thank you,
James
More information about the Freeradius-Users
mailing list