Proxy / reply translation
Alan Buxey
alan.buxey at gmail.com
Sat Nov 11 20:14:15 CET 2017
You say you need to modify a reply from their radius server - this will be
in the post-proxy section?
Also if (&reply:Cisco-AVPair ... ?
alan
On 11 Nov 2017 6:37 pm, "Richard J Palmer" <richard at merula.net> wrote:
Hi
Sorry for the delay. I am getting close with this I think... BUT something
seems to be slightly wrong.
Happy to post a full log as needed - BUT I hope the bit I need is here:
(2) sql1: Framed-Route = ""
(2) sql1: Framed-IP-Address = 1.2.3.1
(2) sql1: Framed-IP-Netmask = 255.255.255.248
(2) sql1: Cisco-AVPair += "ip:route=1.2.3.0 255.255.255.248"
(2) sql1: Filter-Id = "P"
(2) sql1: Chargeable-User-Identity = "richard2"
<group SQL statements>
(2) sql1: Group "Hotspot": Merging reply items
(2) sql1: Acct-Interim-Interval = 600
(2) [sql1] = ok
(2) } # redundant = ok
(2) policy rewrite_routes {
(2) if (&Cisco-AVPair =~ /ip:route=([^ ]+) ([^ ]+)/) {
(2) ERROR: Failed retrieving values required to evaluate condition
(2) } # policy rewrite_routes = ok
(2) Login OK: [richard2] (from client local port 1)
(2) Sent Access-Accept Id 69 from 127.0.0.1:1645 to 127.0.0.1:48919 length 0
(2) Framed-IP-Address = 1.2.3.1
(2) Framed-IP-Netmask = 255.255.255.248
(2) Cisco-AVPair = "ip:route=1.2.3.0 255.255.255.248"
(2) Filter-Id = "P"
(2) Chargeable-User-Identity = "richard2"
(2) Acct-Interim-Interval = 600
(2) Finished request
In my authorise section I have placed:
    redundant {
        sql1
        sql2
        handled
    }
    # -sql
    rewrite_routes
(The other sections are there - this is just to show where what I hope is
relevant.) The code itself is based on the code provided below:
    rewrite_routes {
        if (&Cisco-AVPair =~ /ip:route=([^ ]+) ([^ ]+)/) {
            switch "%{2}" {
                case "255.255.255.255" {
                    update reply {
                        Framed-Route = "%{1}/32"
                    }
                }
                case "255.255.255.254" {
                    update reply {
                        Framed-Route = "%{1}/31"
                    }
                }
and so on (it is in the policy.d folder)
I am aware the key to this is the error
(2) ERROR: Failed retrieving values required to evaluate condition
What I am unclear about is why this is failing / and what I have done wrong
here to cause this. If you can give me one more pointer here I'd appreciate
it
More than happy to send any of the extra config or log as needed
Thanks in advance
Richard
On Thursday 09/11/2017 at 1:35 pm, Alan DeKok wrote:
> On Nov 9, 2017, at 8:19 AM, Richard J Palmer <richard at merula.net> wrote:
>
>>
>> This is where my skills are not great (regex) most other areas I can work
>> with. Ultimately I am happy to pay someone to help write the little bit of
>> code that does this. I do need to cope with Netmasks from /32 to /24 so a
>> few switch cases.
>>
>
> It shouldn't be difficult.
>
>
>> Alternatively if someone can provide a few pointers on that bit I can
>> probably build from there.
>>
>
> If you have:
>
>>>> Cisco-AVPair = "ip:route=1.2.3.1 255.255.255.240"
>
> Step 1, split it into pieces:
>
>     if (&Cisco-AVPair =~ /ip:route=([^ ]+) ([^ ]+)/) {
>
> This matches the "ip:route" prefix. It then matches non-space data,
> then a space, and more non-space data. As per the FR documentation, the
> first match goes into %{1}, and the second into %{2}.
>
> As there are only a limited number of net masks, you can expand the net
> mask, and switch over it (inside of the "if" block from above)
>
>     switch "%{2}" {
>         case "255.255.255.255" {
>             update reply {
>                 Framed-Route = "%{1}/32"
>             }
>         }
>
>         case "255.255.255.254" {
>             update reply {
>                 Framed-Route = "%{1}/31"
>             }
>         }
>
>         case "255.255.255.252" {
>             update reply {
>                 Framed-Route = "%{1}/30"
>             }
>         }
>
>         ... etc...
>
>         # and the "catch all" case, just mash it to /28
>         case {
>             update reply {
>                 Framed-Route = "%{1}/28"
>             }
>         }
>     }
>
> A little verbose, but it should work.
>
> Alan DeKok.
>
>
> -
> List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html
>
More information about the Freeradius-Users
mailing list
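
The mask-to-prefix mapping that the switch in the quoted reply spells out case by case, as an added Python example that is not part of the thread or of FreeRADIUS. It goes beyond the listed cases by handling any contiguous netmask, rejecting non-contiguous ones, and rendering the repetitive unlang case blocks; the function names are hypothetical.

```python
import ipaddress
import re

# Same pattern as the unlang condition quoted in the thread.
ROUTE_RE = re.compile(r"ip:route=([^ ]+) ([^ ]+)")


def prefix_len(netmask: str) -> int:
    """Dotted-quad netmask -> prefix length; rejects non-contiguous masks."""
    mask = int(ipaddress.IPv4Address(netmask))
    inverted = mask ^ 0xFFFFFFFF
    # A valid mask is ones followed by zeros, so inverted + 1 is a power of two.
    if inverted & (inverted + 1):
        raise ValueError(f"non-contiguous netmask: {netmask}")
    return 32 - inverted.bit_length()


def framed_route(avpair: str) -> str:
    """'ip:route=<net> <mask>' -> '<net>/<prefix>', the value the switch builds."""
    m = ROUTE_RE.search(avpair)
    if m is None:
        raise ValueError(f"not an ip:route pair: {avpair!r}")
    ipaddress.IPv4Address(m.group(1))  # raises ValueError on a malformed network
    return f"{m.group(1)}/{prefix_len(m.group(2))}"


def switch_cases(shortest: int = 24, longest: int = 32) -> str:
    """Render one unlang case block per prefix length in the range."""
    blocks = []
    for plen in range(longest, shortest - 1, -1):
        mask = ipaddress.IPv4Network(f"0.0.0.0/{plen}").netmask
        blocks.append(
            f'case "{mask}" {{\n'
            f"    update reply {{\n"
            f'        Framed-Route = "%{{1}}/{plen}"\n'
            f"    }}\n"
            f"}}\n"
        )
    return "\n".join(blocks)


if __name__ == "__main__":
    # Constructed sample input, taken from the values shown in the thread.
    print(framed_route("ip:route=1.2.3.0 255.255.255.248"))
    print(switch_cases())
```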