Unstructured Attr-26 in unlang

Brian Candler b.candler at pobox.com
Tue Mar 28 16:47:13 CEST 2017

(FreeRADIUS 3.0.13 under CentOS)

I am trying to deal with a broken device (Aten) which requires an 
unstructured attribute 26 [^1].  Using the 'files' module this works [^2]:

bob     Cleartext-Password := "hello"
         # Vendor-Specific = "su/administrator"
         Attr-26 = 0x73752f61646d696e6973747261746f72

But in unlang, this is not accepted:

       update reply {
         # Vendor-Specific = "su/administrator"
         &Attr-26 = 0x73752f61646d696e6973747261746f72

Tue Mar 28 14:01:27 2017 : Error: /etc/raddb/policy.d/localpolicy[155]: 
Invalid vendor name in attribute name "0x73752f61646d696e6973747261746f72"

Here's the only bit of source I can find which generates that error 

         if (strncasecmp(p, "Attr-", 5) != 0) {
                 if (strncasecmp(p, "Vendor-", 7) == 0) {
                /* must be vendor name */
                 } else {
                         char buffer[256];

                         q = strchr(p, '-');

                         if (!q) {
fr_strerror_printf("Invalid vendor name in attribute name \"%s\"", name);
                                 return -1;

I don't understand why it thinks the attribute *name* is "0x73752f61"... 
rather than "Attr-26"

And if I try this:

       update reply {
         &Attr-26 = "su/administrator"

Tue Mar 28 14:25:56 2017 : Error: /etc/raddb/policy.d/localpolicy[154]: 
Must use 'Attr-26 = ...' instead of 'Vendor-Specific = ...'

That's an even stranger error: I *am* using Attr-26 like it says!!

Any suggestions how I can get this to work, other than switching from 
unlang to files module?



[^1] It is so broken that it doesn't even use a vendor ID in the first 
four bytes. But I am happy to define a fake vendor which has the correct 
four bytes.  And RFC 2865 *does* permit unstructured data after the 4 
bytes of vendor ID.

[^2] tcpdump confirms it's as expected:

     0x0050:  .... 1a12 7375 2f61 646d 696e 6973 7472 ....su/administr
     0x0060:  6174 6f72                                ator

More information about the Freeradius-Users mailing list