CoA -> REST

adrian.p.smith at bt.com adrian.p.smith at bt.com
Tue Dec 20 17:12:14 CET 2016 

I was using 3.0.11.

I have built 3.0.12 from scratch and tried that with more success.

Ready to process requests
(0) Received CoA-Request Id 134 from 127.0.0.1:43349 to 127.0.0.1:3799 length 56
(0)   User-Name = "adrian"
(0)   Calling-Station-Id = "aa-bb-cc"
(0)   User-Password = "\210\317\357\267\025 \362\\\r\203VI\367W\315%"
(0) # Executing section recv-coa from file /home/adrian/freeradius-server-3.0.12/etc/raddb/sites-enabled/coa
(0)   recv-coa {
(0)     [suffix] = noop
(0) rest: ERROR: You set 'Auth-Type = REST' for a request that does not contain a User-Password attribute!
(0)     [rest.authenticate] = invalid
(0)   } # recv-coa = invalid
(0) # Executing section send-coa from file /home/adrian/freeradius-server-3.0.12/etc/raddb/sites-enabled/coa
(0)   send-coa {
(0)     [ok] = ok
(0)   } # send-coa = ok
(0) Sent CoA-NAK Id 134 from 127.0.0.1:3799 to 127.0.0.1:43349 length 0
(0) Finished request

So this seems to raise a couple of issues for me.

1. I am sending a User-Password but FreeRadius thinks not?
2. In the real scenario, I probably wouldn't have a password at this point. I guess I can just send a dummy one? Assuming I can get #1 to work.

Are there any plans to improve the REST module to handle CoA directly?

Thanks again.

Adrian



-----Original Message-----
From: Freeradius-Users [mailto:freeradius-users-bounces+adrian.p.smith=bt.com at lists.freeradius.org] On Behalf Of Matthew Newton
Sent: 20 December 2016 15:43
To: FreeRadius users mailing list
Subject: Re: CoA -> REST

On Tue, Dec 20, 2016 at 03:21:55PM +0000, adrian.p.smith at bt.com wrote:
> I enabled that virtual server by linking it into sites-enabled.
> 
> I then added a single line:
> 
> rest.authenticate
> 
> in the "server coa" recv-coa section immediately before the "ok" line.
> 
> adding just "rest" stopped the server from starting.
> 
> 
> 
> I then send the server a CoA using radclient.
> 
> I see the server receiving it (as per the debug output below), but no mention of "rest.authenticate".

If I start from a completely clean 3.0.x install, and link coa into sites-enabled, and send it a coa packet with radclient, I get

eceived CoA-Request Id 27 from 127.0.0.1:43031 to 127.0.0.1:3799 length 25
(0)   User-Name = "test"
(0) # Executing section recv-coa from file /opt/fr3/etc/raddb/sites-enabled/coa
(0)   recv-coa {
(0)     [suffix] = noop
(0)     [ok] = ok
(0)   } # recv-coa = ok
(0) # Executing section send-coa from file /opt/fr3/etc/raddb/sites-enabled/coa
(0)   send-coa {
(0)     [ok] = ok
(0)   } # send-coa = ok
(0) Sent CoA-ACK Id 27 from 127.0.0.1:3799 to 127.0.0.1:43031 length 0
(0) Finished request

so... as Alan said: what is the *entire* debug output?

All the debug lines right from and including the FreeRADIUS banner at the top actually matter, contrary to popular belief on this list :(.

Or, compare to a completely clean install, see what the difference is, and work from there.

Matthew



> -----Original Message-----
> From: Freeradius-Users 
> [mailto:freeradius-users-bounces+adrian.p.smith=bt.com at lists.freeradiu
> s.org] On Behalf Of Alan DeKok
> Sent: 20 December 2016 15:02
> To: FreeRadius users mailing list
> Subject: Re: CoA -> REST
> 
> On Dec 20, 2016, at 5:40 AM, adrian.p.smith at bt.com wrote:
> > 
> > Thanks for the tip. I tried this and the server does now start up.
> > 
> > When I send it a CoA however, I see no sign of the REST module being called:
> > 
> > (0) Received CoA-Request Id 217 from 127.0.0.1:45490 to 127.0.0.1:3799 length 38
> > (0)   User-Name = "adrian"
> > (0)   Calling-Station-Id = "aa-bb-cc"
> > (0) Sent CoA-ACK Id 217 from 127.0.0.1:3799 to 127.0.0.1:45490 
> > length 0
> > (0) Finished request
> > 
> > Anything else I've missed?
> 
>   Read the *entire* debug log.
> 
>   FreeRADIUS doesn't magically ignore virtual servers.  If it's not using a virtual server, it's because of a local configuration issue.
> 
>   The default CoA server in raddb/sites-available/coa works when it's enabled.
> 
>   So... what did you do?
> 
>   Alan DeKok.

--
Matthew Newton, Ph.D. <mcn4 at leicester.ac.uk>

Systems Specialist, Infrastructure Services, I.T. Services, University of Leicester, Leicester LE1 7RH, United Kingdom

For IT help contact helpdesk extn. 2253, <ithelp at le.ac.uk>
-
List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html

More information about the Freeradius-Users mailing list