Please tell me about rewrite_called_station_id.

Yuya Yanagi peacefull64 at gmail.com
Fri Jul 19 10:26:39 CEST 2019


Hi, All

Please tell me about rewrite_called_station_id.

The description of rewrite_called_station_id was written to the
authorize section of sites-available/default and
sites-available/inner-tunnel to obtain a Called-Station-SSID to
control the approval process.

However, although the default file side could obtain the value of
Called-Station-SSID, the process of rewrite_called_station_id became
FALSE in the inner-tunnel file, and the value of Called-Station-SSID
could not be obtained.

Since I am using EAP-TTLS authentication, I want to set the inner
tunnel to branch control, but I cannot use it.

If you have any advice, please let me know.

y.y

------------Debug log---------

Fri Jul 19 15:52:16 2019 : Debug: (0) Using Post-Auth-Type Challenge
Fri Jul 19 15:52:16 2019 : Debug: (0) # Executing group from file
/etc/raddb/sites-enabled/default
Fri Jul 19 15:52:16 2019 : Debug: (0)   Challenge { ... } # empty
sub-section is ignored
Fri Jul 19 15:52:16 2019 : Debug: (0) session-state: Nothing to cache
Fri Jul 19 15:52:16 2019 : Debug: (0) Sent Access-Challenge Id 68 from
133.15.18.14:1812 to 133.15.250.241:60211 length 0
Fri Jul 19 15:52:16 2019 : Debug: (0)   EAP-Message = 0x010200061520
Fri Jul 19 15:52:16 2019 : Debug: (0)   Message-Authenticator =
0x00000000000000000000000000000000
Fri Jul 19 15:52:16 2019 : Debug: (0)   State =
0x68f31ff968f10ae77b5c26c718e1463c
Fri Jul 19 15:52:16 2019 : Debug: (0) Finished request
Fri Jul 19 15:52:16 2019 : Debug: Waking up in 4.9 seconds.
Fri Jul 19 15:52:16 2019 : Debug: (1) Received Access-Request Id 70
from 133.15.250.241:60211 to 133.15.18.14:1812 length 279
Fri Jul 19 15:52:16 2019 : Debug: (1)   User-Name = "anonymous"
Fri Jul 19 15:52:16 2019 : Debug: (1)   NAS-IP-Address = 10.254.0.241
Fri Jul 19 15:52:16 2019 : Debug: (1)   NAS-Port = 12289
Fri Jul 19 15:52:16 2019 : Debug: (1)   Called-Station-Id =
"08-35-71-F2-CE-05:authtest"
Fri Jul 19 15:52:16 2019 : Debug: (1)   Calling-Station-Id = "50-3E-AA-6D-ED-7E"
Fri Jul 19 15:52:16 2019 : Debug: (1)   Framed-MTU = 1250
Fri Jul 19 15:52:16 2019 : Debug: (1)   NAS-Port-Type = Wireless-802.11
Fri Jul 19 15:52:16 2019 : Debug: (1)   Framed-Compression = None
Fri Jul 19 15:52:16 2019 : Debug: (1)   Connect-Info = "CONNECT 802.11g"
Fri Jul 19 15:52:16 2019 : Debug: (1)   Chargeable-User-Identity = 0x00
Fri Jul 19 15:52:16 2019 : Debug: (1)   EAP-Message =
0x0202007115800000006716030100620100005e03015d31689fbadf8aadd98de6c61bd2a31c53b8b1185935160dd336d01fa44c5e86000018c014c0130035002fc00ac00900380032000a0013000500040100001d000a0006000400170018000b000201000023000000170000ff01000100
Fri Jul 19 15:52:16 2019 : Debug: (1)   State =
0x68f31ff968f10ae77b5c26c718e1463c
Fri Jul 19 15:52:16 2019 : Debug: (1)   Message-Authenticator =
0x9047a006c6a06a8e05c854228e8a472e
Fri Jul 19 15:52:16 2019 : Debug: (1) session-state: No cached attributes
Fri Jul 19 15:52:16 2019 : Debug: (1) # Executing section authorize
from file /etc/raddb/sites-enabled/default
Fri Jul 19 15:52:16 2019 : Debug: (1)   authorize {
Fri Jul 19 15:52:16 2019 : Debug: (1)     policy rewrite_called_station_id {
Fri Jul 19 15:52:16 2019 : Debug: (1)       if (&Called-Station-Id &&
(&Called-Station-Id =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})([^0-9a-f](.+))?$/i))
{
Fri Jul 19 15:52:16 2019 : Debug: No matches
Fri Jul 19 15:52:16 2019 : Debug: Adding 9 matches
Fri Jul 19 15:52:16 2019 : Debug: (1)       if (&Called-Station-Id &&
(&Called-Station-Id =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})([^0-9a-f](.+))?$/i))
 -> TRUE
Fri Jul 19 15:52:16 2019 : Debug: (1)       if (&Called-Station-Id &&
(&Called-Station-Id =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})([^0-9a-f](.+))?$/i))
 {
Fri Jul 19 15:52:16 2019 : Debug: (1)         update request {
Fri Jul 19 15:52:16 2019 : Debug: (1)           1/9 Found: 08 (3)
Fri Jul 19 15:52:16 2019 : Debug: (1)           2/9 Found: 35 (3)
Fri Jul 19 15:52:16 2019 : Debug: (1)           3/9 Found: 71 (3)
Fri Jul 19 15:52:16 2019 : Debug: (1)           4/9 Found: F2 (3)
Fri Jul 19 15:52:16 2019 : Debug: (1)           5/9 Found: CE (3)
Fri Jul 19 15:52:16 2019 : Debug: (1)           6/9 Found: 05 (3)
Fri Jul 19 15:52:16 2019 : Debug: (1)           EXPAND
%{toupper:%{1}-%{2}-%{3}-%{4}-%{5}-%{6}}
Fri Jul 19 15:52:16 2019 : Debug: (1)              --> 08-35-71-F2-CE-05
Fri Jul 19 15:52:16 2019 : Debug: (1)           &Called-Station-Id :=
08-35-71-F2-CE-05
Fri Jul 19 15:52:16 2019 : Debug: (1)           Overwriting value
"08-35-71-F2-CE-05:authtest" with "08-35-71-F2-CE-05"
Fri Jul 19 15:52:16 2019 : Debug: (1)         } # update request = noop
Fri Jul 19 15:52:16 2019 : Debug: (1)         if ("%{8}") {
Fri Jul 19 15:52:16 2019 : Debug: (1)         EXPAND TMPL XLAT STRUCT
Fri Jul 19 15:52:16 2019 : Debug: (1)         8/9 Found: authtest (9)
Fri Jul 19 15:52:16 2019 : Debug: (1)         EXPAND %{8}
Fri Jul 19 15:52:16 2019 : Debug: (1)            --> authtest
Fri Jul 19 15:52:16 2019 : Debug: (1)         if ("%{8}")  -> TRUE
Fri Jul 19 15:52:16 2019 : Debug: (1)         if ("%{8}")  {
Fri Jul 19 15:52:16 2019 : Debug: (1)           update request {
Fri Jul 19 15:52:16 2019 : Debug: (1)             8/9 Found: authtest (9)
Fri Jul 19 15:52:16 2019 : Debug: (1)             EXPAND %{8}
Fri Jul 19 15:52:16 2019 : Debug: (1)                --> authtest
Fri Jul 19 15:52:16 2019 : Debug: (1)             &Called-Station-SSID
:= authtest
Fri Jul 19 15:52:16 2019 : Debug: (1)           } # update request = noop
Fri Jul 19 15:52:16 2019 : Debug: (1)         } # if ("%{8}")  = noop
Fri Jul 19 15:52:16 2019 : Debug: (1)         modsingle[authorize]:
calling updated (rlm_always)
Fri Jul 19 15:52:16 2019 : Debug: (1)         modsingle[authorize]:
returned from updated (rlm_always)
Fri Jul 19 15:52:16 2019 : Debug: (1)         [updated] = updated
Fri Jul 19 15:52:16 2019 : Debug: (1)       } # if (&Called-Station-Id
&& (&Called-Station-Id =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})([^0-9a-f](.+))?$/i))
 = updated
Fri Jul 19 15:52:16 2019 : Debug: (1)       ... skipping else:
Preceding "if" was taken
Fri Jul 19 15:52:16 2019 : Debug: (1)     } # policy
rewrite_called_station_id = updated

......


Fri Jul 19 15:52:16 2019 : Debug: (5)   session-state: No State attribute
Fri Jul 19 15:52:16 2019 : Debug: (5)   # Executing section authorize
from file /etc/raddb/sites-enabled/inner-tunnel
Fri Jul 19 15:52:16 2019 : Debug: (5)     authorize {
Fri Jul 19 15:52:16 2019 : Debug: (5)       policy rewrite_called_station_id {
Fri Jul 19 15:52:16 2019 : Debug: (5)         if (&Called-Station-Id
&& (&Called-Station-Id =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})([^0-9a-f](.+))?$/i))
{
Fri Jul 19 15:52:16 2019 : Debug: (5)         if (&Called-Station-Id
&& (&Called-Station-Id =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})([^0-9a-f](.+))?$/i))
 -> FALSE
Fri Jul 19 15:52:16 2019 : Debug: (5)         else {
Fri Jul 19 15:52:16 2019 : Debug: (5)           modsingle[authorize]:
calling noop (rlm_always)
Fri Jul 19 15:52:16 2019 : Debug: (5)           modsingle[authorize]:
returned from noop (rlm_always)
Fri Jul 19 15:52:16 2019 : Debug: (5)           [noop] = noop
Fri Jul 19 15:52:16 2019 : Debug: (5)         } # else = noop
Fri Jul 19 15:52:16 2019 : Debug: (5)       } # policy
rewrite_called_station_id = noop
Fri Jul 19 15:52:16 2019 : Debug: (5)       modsingle[authorize]:
calling mschap (rlm_mschap)
Fri Jul 19 15:52:16 2019 : Debug: (5)       modsingle[authorize]:
returned from mschap (rlm_mschap)
Fri Jul 19 15:52:16 2019 : Debug: (5)       [mschap] = noop
Fri Jul 19 15:52:16 2019 : Debug: (5)       modsingle[authorize]:
calling suffix (rlm_realm)
Fri Jul 19 15:52:16 2019 : Debug: (5) suffix: Checking for suffix after "@"
Fri Jul 19 15:52:16 2019 : Debug: (5) suffix: No '@' in User-Name =
"rt015", looking up realm NULL
Fri Jul 19 15:52:16 2019 : Debug: (5) suffix: Found realm "NULL"
Fri Jul 19 15:52:16 2019 : Debug: (5) suffix: Adding
Stripped-User-Name = "rt015"
Fri Jul 19 15:52:16 2019 : Debug: (5) suffix: Adding Realm = "NULL"
Fri Jul 19 15:52:16 2019 : Debug: (5) suffix: Authentication realm is LOCAL
Fri Jul 19 15:52:16 2019 : Debug: (5)       modsingle[authorize]:
returned from suffix (rlm_realm)
Fri Jul 19 15:52:16 2019 : Debug: (5)       [suffix] = ok
Fri Jul 19 15:52:16 2019 : Debug: (5)       update control {
Fri Jul 19 15:52:16 2019 : Debug: (5)         &Proxy-To-Realm := LOCAL
Fri Jul 19 15:52:16 2019 : Debug: (5)       } # update control = noop
Fri Jul 19 15:52:16 2019 : Debug: (5)       modsingle[authorize]:
calling eap (rlm_eap)
Fri Jul 19 15:52:16 2019 : Debug: (5) eap: No EAP-Message, not doing EAP
Fri Jul 19 15:52:16 2019 : Debug: (5)       modsingle[authorize]:
returned from eap (rlm_eap)
Fri Jul 19 15:52:16 2019 : Debug: (5)       [eap] = noop
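
Added example, not part of the original post and not FreeRADIUS code: a small Python model of the rewrite_called_station_id condition seen in the debug log above, using the same regular expression. It shows why request (1) returns "updated" with Called-Station-SSID set, and why a request that carries no Called-Station-Id (assumed here for the tunneled request) returns "noop". The function name, the dict representation of a request and the sample requests are constructed for illustration.

```python
import re

# Regex copied from the policy condition in the debug log (the /i flag).
CALLED_STATION_RE = re.compile(
    r"^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})"
    r"[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})"
    r"([^0-9a-f](.+))?$",
    re.IGNORECASE,
)


def rewrite_called_station_id(request):
    """Model of the policy: takes a dict of attributes, returns (rcode, attrs).

    rcode is "updated" when the condition is TRUE and "noop" otherwise,
    matching the return codes printed in the log.
    """
    value = request.get("Called-Station-Id")
    # First half of the condition: the attribute must exist in this request.
    if value is None:
        return "noop", dict(request)
    # Second half: the value must look like a MAC, optionally followed by
    # a separator and an SSID.
    m = CALLED_STATION_RE.match(value)
    if m is None:
        return "noop", dict(request)
    out = dict(request)
    # Groups 1-6 are the octets; the policy rewrites them as upper-case,
    # dash-separated (the %{toupper:...} expansion in the log).
    out["Called-Station-Id"] = "-".join(m.group(i) for i in range(1, 7)).upper()
    # Group 8 is the SSID after the separator; it is set only when present.
    if m.group(8):
        out["Called-Station-SSID"] = m.group(8)
    return "updated", out


# Constructed sample requests. The outer values are taken from request (1)
# in the log; the tunneled request is assumed to carry only the inner User-Name.
OUTER_REQUEST = {"User-Name": "anonymous",
                 "Called-Station-Id": "08-35-71-F2-CE-05:authtest"}
INNER_REQUEST = {"User-Name": "rt015"}

if __name__ == "__main__":
    print(rewrite_called_station_id(OUTER_REQUEST))
    print(rewrite_called_station_id(INNER_REQUEST))
```

In FreeRADIUS 3 the inner-tunnel virtual server can read attributes of the outer request through the outer.request list, for example &outer.request:Called-Station-SSID, so the value set in the default server is reachable without re-running the policy.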

