proxying Access-Request Items (Attributes)
Orion Timbale
timbaledorion at hotmail.com
Wed Oct 28 17:38:06 CET 2015
Thanks Arran
You are my hero.
It works by adding the attribute in our specific directory.
Tim
On 26/10/2015 16:55, Arran Cudbard-Bell wrote:
>> On Oct 26, 2015, at 11:48 AM, Orion Timbale <timbaledorion at hotmail.com> wrote:
>>
>>
>> Thanks to all freeradius users!!!!
>>
>>
>> I'm using freeradius v3.0.4 under Fedora 22.
>> I am trying to proxy some Access-Requests and add some check items/attributes
>> before proxying.
>> The radiusd -X output regarding this problem looks like this:
>>
>> "Wed Oct 21 18:31:19 2015 : Debug: (0) # Executing section pre-proxy
>> from file /etc/raddb/sites-enabled/default
>> Wed Oct 21 18:31:19 2015 : Debug: (0) pre-proxy {
>> Wed Oct 21 18:31:19 2015 : Debug: (0) node.pre-proxy node.pre-proxy {
>> Wed Oct 21 18:31:19 2015 : Debug: (0) if ("%{request:Packet-Type}"
>> == 'Access-Request')
>> Wed Oct 21 18:31:19 2015 : Debug: (0) EXPAND %{request:Packet-Type}
>> Wed Oct 21 18:31:19 2015 : Debug: (0) --> Access-Request
>> Wed Oct 21 18:31:19 2015 : Debug: (0) if ("%{request:Packet-Type}"
>> == 'Access-Request') -> TRUE
>> Wed Oct 21 18:31:19 2015 : Debug: (0) if ("%{request:Packet-Type}" ==
>> 'Access-Request') {
>> Wed Oct 21 18:31:19 2015 : Debug: (0) update proxy-request {
>> Wed Oct 21 18:31:19 2015 : Debug: (0) &NodeID == '0000000002'
>> Wed Oct 21 18:31:19 2015 : Debug: (0) No existing attribute to filter,
>> adding instead
>> Wed Oct 21 18:31:19 2015 : Debug: (0) } # update proxy-request = noop
>> Wed Oct 21 18:31:19 2015 : Debug: (0) } # if
>> ("%{request:Packet-Type}" == 'Access-Request') = noop
>> Wed Oct 21 18:31:19 2015 : Debug: (0) } # byon-node.pre-proxy
>> byon-node.pre-proxy = noop
>> Wed Oct 21 18:31:19 2015 : Debug: (0) } # pre-proxy = noop
>> Wed Oct 21 18:31:19 2015 : Debug: (0) proxy: Trying to allocate ID (0/2)
>> Wed Oct 21 18:31:19 2015 : Debug: (0) proxy: Failed allocating ID:
>> Failed finding socket, caller must allocate a new one
>> Wed Oct 21 18:31:19 2015 : Debug: (0) proxy: Trying to open a new
>> listener to the home server
>> Wed Oct 21 18:31:19 2015 : Debug: Opening new proxy socket 'proxy
>> address * port 0'
>> Wed Oct 21 18:31:19 2015 : Debug: Listening on proxy address * port 45141
>> Wed Oct 21 18:31:19 2015 : Debug: (0) proxy: Trying to allocate ID (1/2)
>> Wed Oct 21 18:31:19 2015 : Debug: (0) proxy: request is now in proxy hash
>> Wed Oct 21 18:31:19 2015 : Debug: (0) proxy: allocating destination
>> 192.168.42.193 port 1812 - Id 16
>> Wed Oct 21 18:31:19 2015 : Debug: (0) Proxying request to home server
>> 192.168.42.193 port 1812 timeout 14.000000
>> Wed Oct 21 18:31:19 2015 : Debug: (0) Sending Access-Request packet to
>> host 192.168.42.193 port 1812, id=16, length=0
>> Wed Oct 21 18:31:19 2015 : Debug: (0) User-Name =
>> 'fname.lname at my-network.com'
>> Wed Oct 21 18:31:19 2015 : Debug: (0) User-Password = 'passme'
>> Wed Oct 21 18:31:19 2015 : Debug: (0) NAS-IP-Address = 127.0.0.1
>> Wed Oct 21 18:31:19 2015 : Debug: (0) NAS-Port = 100
>> Wed Oct 21 18:31:19 2015 : Debug: (0) Message-Authenticator =
>> 0x29fc545638a7a1c6ec10b5f7e2c860c9
>> Wed Oct 21 18:31:19 2015 : Debug: (0) Event-Timestamp = 'Oct 21 2015
>> 18:31:19 CEST'
>> Wed Oct 21 18:31:19 2015 : Debug: (0) Realm = 'DEFAULT'
>> Wed Oct 21 18:31:19 2015 : Debug: (0) Proxy-State = 0x3337
>> Wed Oct 21 18:31:19 2015 : Debug: (0) NodeID == '0000000002'
>> Sending Access-Request Id 16 from 0.0.0.0:45141 to 192.168.42.193:1812
>> User-Name = 'fname.lname at my-network.com'
>> User-Password = 'passme'
>> NAS-IP-Address = 127.0.0.1
>> NAS-Port = 100
>> Message-Authenticator = 0x29fc545638a7a1c6ec10b5f7e2c860c9
>> Event-Timestamp = 'Oct 21 2015 18:31:19 CEST'
>> Proxy-State = 0x3337"
>>
>>
>>
>> As you can see Realm and NodeID are not passed to the radius proxy in
>> the access request.
> Because they're not protocol attributes, and so there's no way to encode them?
>
>> Can anyone suggest something?
> Define new VSAs under your IANA number.
>
> -Arran
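Added example, not part of the original thread and not FreeRADIUS code: it parses a vendor dictionary entry and encodes the attribute as an RFC 2865 Vendor-Specific attribute (type 26), the on-the-wire form that a VSA defined under an IANA enterprise number has and that an attribute without a vendor and type number lacks. The vendor name `Example`, the attribute `Example-Node-ID`, its number 1 and the documentation enterprise number 32473 (RFC 5612) are assumptions standing in for your own dictionary entries.

```python
import struct

# Constructed dictionary in FreeRADIUS dictionary syntax. 32473 is the IANA
# enterprise number reserved for documentation (RFC 5612); the vendor and
# attribute names are hypothetical. Use your own IANA number in practice.
DICTIONARY = """
VENDOR          Example         32473
BEGIN-VENDOR    Example
ATTRIBUTE       Example-Node-ID 1       string
END-VENDOR      Example
"""

def parse_dictionary(text):
    """Return {attribute name: (enterprise number, vendor type)}."""
    vendors, attrs, current = {}, {}, None
    for line in text.splitlines():
        fields = line.split("#")[0].split()
        if not fields:
            continue
        if fields[0] == "VENDOR":
            vendors[fields[1]] = int(fields[2])
        elif fields[0] == "BEGIN-VENDOR":
            current = vendors[fields[1]]
        elif fields[0] == "END-VENDOR":
            current = None
        elif fields[0] == "ATTRIBUTE" and current is not None:
            attrs[fields[1]] = (current, int(fields[2]))
    return attrs

def encode_vsa(attrs, name, value):
    """Encode a string VSA as RFC 2865 attribute 26 (Vendor-Specific)."""
    if name not in attrs:
        # No vendor/type number means no on-the-wire representation.
        raise ValueError(f"{name} has no wire encoding")
    pen, vtype = attrs[name]
    data = value.encode()
    if len(data) > 247:  # 255 - 2 (header) - 4 (vendor id) - 2 (sub-header)
        raise ValueError("value too long for a single VSA")
    sub = struct.pack("!BB", vtype, len(data) + 2) + data
    return struct.pack("!BBI", 26, len(sub) + 6, pen) + sub

def decode_vsa(raw):
    """Inverse of encode_vsa: return (enterprise number, vendor type, value)."""
    atype, alen, pen = struct.unpack("!BBI", raw[:6])
    vtype, vlen = struct.unpack("!BB", raw[6:8])
    if atype != 26 or alen != len(raw) or vlen != alen - 6:
        raise ValueError("not a well-formed Vendor-Specific attribute")
    return pen, vtype, raw[8:8 + vlen - 2].decode()
```

With the matching entry in the proxy's own dictionary, the `update proxy-request` block would set `Example-Node-ID` instead of the unencodable name, and the home server needs the same dictionary entry to decode it.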