proxying Access-Request Items (Attributes)

Arran Cudbard-Bell a.cudbardb at freeradius.org
Mon Oct 26 16:55:51 CET 2015


> On Oct 26, 2015, at 11:48 AM, Orion Timbale <timbaledorion at hotmail.com> wrote:
> 
> 
> Thanks to all freeradius users!!!!
> 
> 
> I'm using freeradius v3.0.4 under Fedora 22.
> I'm trying to proxy some Access-Requests and add some check items/attributes
> before proxying.
> The radiusd -X output regarding this problem looks like this:
> 
> "Wed Oct 21 18:31:19 2015 : Debug: (0) # Executing section pre-proxy
> from file /etc/raddb/sites-enabled/default
> Wed Oct 21 18:31:19 2015 : Debug: (0)   pre-proxy {
> Wed Oct 21 18:31:19 2015 : Debug: (0)   node.pre-proxy node.pre-proxy {
> Wed Oct 21 18:31:19 2015 : Debug: (0)     if ("%{request:Packet-Type}"
> == 'Access-Request')
> Wed Oct 21 18:31:19 2015 : Debug: (0) EXPAND %{request:Packet-Type}
> Wed Oct 21 18:31:19 2015 : Debug: (0)    --> Access-Request
> Wed Oct 21 18:31:19 2015 : Debug: (0)     if ("%{request:Packet-Type}"
> == 'Access-Request')   -> TRUE
> Wed Oct 21 18:31:19 2015 : Debug: (0)    if ("%{request:Packet-Type}" ==
> 'Access-Request')   {
> Wed Oct 21 18:31:19 2015 : Debug: (0)     update proxy-request {
> Wed Oct 21 18:31:19 2015 : Debug: (0)   &NodeID == '0000000002'
> Wed Oct 21 18:31:19 2015 : Debug: (0) No existing attribute to filter,
> adding instead
> Wed Oct 21 18:31:19 2015 : Debug: (0)     } # update proxy-request = noop
> Wed Oct 21 18:31:19 2015 : Debug: (0)    } # if
> ("%{request:Packet-Type}" == 'Access-Request')   = noop
> Wed Oct 21 18:31:19 2015 : Debug: (0)   } # byon-node.pre-proxy
> byon-node.pre-proxy = noop
> Wed Oct 21 18:31:19 2015 : Debug: (0)  } #  pre-proxy = noop
> Wed Oct 21 18:31:19 2015 : Debug: (0) proxy: Trying to allocate ID (0/2)
> Wed Oct 21 18:31:19 2015 : Debug: (0) proxy: Failed allocating ID:
> Failed finding socket, caller must allocate a new one
> Wed Oct 21 18:31:19 2015 : Debug: (0) proxy: Trying to open a new
> listener to the home server
> Wed Oct 21 18:31:19 2015 : Debug: Opening new proxy socket 'proxy
> address * port 0'
> Wed Oct 21 18:31:19 2015 : Debug: Listening on proxy address * port 45141
> Wed Oct 21 18:31:19 2015 : Debug: (0) proxy: Trying to allocate ID (1/2)
> Wed Oct 21 18:31:19 2015 : Debug: (0) proxy: request is now in proxy hash
> Wed Oct 21 18:31:19 2015 : Debug: (0) proxy: allocating destination
> 192.168.42.193 port 1812 - Id 16
> Wed Oct 21 18:31:19 2015 : Debug: (0) Proxying request to home server
> 192.168.42.193 port 1812 timeout 14.000000
> Wed Oct 21 18:31:19 2015 : Debug: (0) Sending Access-Request packet to
> host 192.168.42.193 port 1812, id=16, length=0
> Wed Oct 21 18:31:19 2015 : Debug: (0)   User-Name =
> 'fname.lname at my-network.com'
> Wed Oct 21 18:31:19 2015 : Debug: (0)   User-Password = 'passme'
> Wed Oct 21 18:31:19 2015 : Debug: (0)   NAS-IP-Address = 127.0.0.1
> Wed Oct 21 18:31:19 2015 : Debug: (0)   NAS-Port = 100
> Wed Oct 21 18:31:19 2015 : Debug: (0)   Message-Authenticator =
> 0x29fc545638a7a1c6ec10b5f7e2c860c9
> Wed Oct 21 18:31:19 2015 : Debug: (0)   Event-Timestamp = 'Oct 21 2015
> 18:31:19 CEST'
> Wed Oct 21 18:31:19 2015 : Debug: (0)   Realm = 'DEFAULT'
> Wed Oct 21 18:31:19 2015 : Debug: (0)   Proxy-State = 0x3337
> Wed Oct 21 18:31:19 2015 : Debug: (0)   NodeID == '0000000002'
> Sending Access-Request Id 16 from 0.0.0.0:45141 to 192.168.42.193:1812
>        User-Name = 'fname.lname at my-network.com'
>        User-Password = 'passme'
>        NAS-IP-Address = 127.0.0.1
>        NAS-Port = 100
>        Message-Authenticator = 0x29fc545638a7a1c6ec10b5f7e2c860c9
>        Event-Timestamp = 'Oct 21 2015 18:31:19 CEST'
>        Proxy-State = 0x3337"
> 
> 
> 
> As you can see, Realm and NodeID are not passed to the RADIUS proxy in
> the Access-Request.

Because they're not protocol attributes, and so there's no way to encode them?

> Can anyone suggest something?

Define new VSAs under your IANA number.

-Arran
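
The wire format behind this answer, as an added example that is not part of the original thread or of FreeRADIUS itself: an attribute can only be sent if it has a one-octet type number, and a VSA (RFC 2865 section 5.26) carries a vendor's own attribute inside type 26. The enterprise number 32473 (the RFC 5612 documentation value) and vendor type 1 for NodeID are assumptions standing in for the poster's own IANA number and dictionary entry.

```python
import struct

VENDOR_SPECIFIC = 26      # RFC 2865 section 5.26
EXAMPLE_PEN = 32473       # assumption: RFC 5612 documentation enterprise number
NODE_ID_VENDOR_TYPE = 1   # assumption: hypothetical sub-attribute number for NodeID


def encode_vsa(vendor_id: int, vendor_type: int, value: bytes) -> bytes:
    """Encode one sub-attribute (RFC 2865 recommended layout) inside type 26."""
    if not 0 <= vendor_id <= 0xFFFFFF or not 0 < vendor_type <= 255:
        raise ValueError("vendor id or vendor type out of range")
    if len(value) > 247:  # 255 minus 6 octets of VSA header and 2 of sub-header
        raise ValueError("value exceeds 247 octets")
    sub = struct.pack("!BB", vendor_type, len(value) + 2) + value
    return struct.pack("!BBI", VENDOR_SPECIFIC, len(sub) + 6, vendor_id) + sub


def decode_vsas(attrs: bytes):
    """Walk an attribute list; return (vendor_id, vendor_type, value) per VSA."""
    found, pos = [], 0
    while pos < len(attrs):
        if len(attrs) - pos < 2:
            raise ValueError("truncated attribute header")
        atype, alen = attrs[pos], attrs[pos + 1]
        if alen < 2 or pos + alen > len(attrs):
            raise ValueError("bad attribute length")
        body = attrs[pos + 2:pos + alen]
        pos += alen
        if atype != VENDOR_SPECIFIC:
            continue  # standard attribute, nothing vendor-specific to unpack
        if len(body) < 6:
            raise ValueError("VSA too short for vendor id and sub-attribute")
        vendor_id = struct.unpack("!I", body[:4])[0]
        sub = body[4:]
        while sub:
            if len(sub) < 2 or sub[1] < 2 or sub[1] > len(sub):
                raise ValueError("bad vendor sub-attribute length")
            found.append((vendor_id, sub[0], sub[2:sub[1]]))
            sub = sub[sub[1]:]
    return found


def sample_attributes() -> bytes:
    # Constructed sample: User-Name (1), NAS-Port (5), then the NodeID VSA.
    user = struct.pack("!BB", 1, 5) + b"bob"
    port = struct.pack("!BBI", 5, 6, 100)
    return user + port + encode_vsa(EXAMPLE_PEN, NODE_ID_VENDOR_TYPE, b"0000000002")
```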
