Reply attributes from users file are being wiped

Kennedy, Sean M skennedy at office.vcn.com
Fri Jan 12 04:42:18 CET 2018 

I am in the process of upgrading an OLD freeradius instance to version
3.0.16 and I am running into an issue where I am not seeing my extra
reply attributes returned when the user is being proxied to another auth
server. 

Here are some snippets from the debug... you can see the users file
matches 2 sections and that is exactly the correct lines it should match
on to append in my custom reply attributes. 

(1) suffix: Checking for suffix after "@"
(1) suffix: Looking up realm "xxx.net" for User-Name = "xxx at xxx.net"
(1) suffix: Found realm "xxx.net"
(1) suffix: Adding Realm = "xxx.net"
(1) suffix: Proxying request from user xxx at xxx.net to realm xxx.net
(1) suffix: Preparing to proxy authentication request to realm "xxx.net"
(1)     [suffix] = updated
(1) eap: No EAP-Message, not doing EAP
(1)     [eap] = noop
(1) files: EXPAND 216.126.204.*
(1) files:    --> 216.126.204.*
(1) files: EXPAND 165.154.11.*
(1) files:    --> 165.154.11.*
(1) files: EXPAND 209.244.*
(1) files:    --> 209.244.*
(1) files: EXPAND 209.247.*
(1) files:    --> 209.247.*
(1) files: EXPAND 209.253.*
(1) files:    --> 209.253.*
(1) files: users: Matched entry DEFAULT at line 928
(1) files: users: Matched entry DEFAULT at line 940

The debug proceeds to send the request to the proxy: 

(1) Starting proxy to home server x.x.x.x port 1812
(1) Proxying request to home server x.x.x.x port 1812 timeout 30.000000
(1) Sent Access-Request Id 102 from 0.0.0.0:34505 to x.x.x.x:1812 length
116
(1)   User-Name = "xxx at xxx.net"
(1)   User-Password = "xxx"
(1)   NAS-IP-Address = x.x.x.x
(1)   NAS-Port = 1
(1)   Framed-Protocol = PPP
(1)   Service-Type = Framed-User
(1)   Event-Timestamp = "Jan 11 2018 20:08:34 MST"
(1)   Message-Authenticator := 0x00
(1)   Proxy-State = 0x3838 

It then wipes the reply attributes out: 

Waking up in 0.3 seconds.
(1) Marking home server x.x.x.x port 1812 alive
(1) Clearing existing &reply: attributes 

Why is this "Clearing existing &reply: attributes" happening?  It seems
that is my issue as the actual reply is missing my extra attributes that
I defined in the "users" file. 

Thank you in advance, 

Sean

More information about the Freeradius-Users mailing list