Please tell me about rewrite_called_station_id.
Yuya Yanagi
peacefull64 at gmail.com
Fri Jul 19 10:26:39 CEST 2019
Hi all,
Please tell me about rewrite_called_station_id.
The description of rewrite_called_station_id was written to the
authorize section of sites-available/default and
sites-available/inner-tunnel to obtain a Called-Station-SSID to
control the approval process.
However, although the default file side could obtain the value of
Called-Station-SSID, the process of rewrite_called_station_id became
FALSE in the inner tunnel file, and the value of Called-Station-SSID
could not be obtained.
Since I am using EAP-TTLS authentication, I want to set the inner
tunnel to branch control, but I cannot use it.
If you have any advice, please let me know.
y.y
------------Debug log---------
Fri Jul 19 15:52:16 2019 : Debug: (0) Using Post-Auth-Type Challenge
Fri Jul 19 15:52:16 2019 : Debug: (0) # Executing group from file
/etc/raddb/sites-enabled/default
Fri Jul 19 15:52:16 2019 : Debug: (0) Challenge { ... } # empty
sub-section is ignored
Fri Jul 19 15:52:16 2019 : Debug: (0) session-state: Nothing to cache
Fri Jul 19 15:52:16 2019 : Debug: (0) Sent Access-Challenge Id 68 from
133.15.18.14:1812 to 133.15.250.241:60211 length 0
Fri Jul 19 15:52:16 2019 : Debug: (0) EAP-Message = 0x010200061520
Fri Jul 19 15:52:16 2019 : Debug: (0) Message-Authenticator =
0x00000000000000000000000000000000
Fri Jul 19 15:52:16 2019 : Debug: (0) State =
0x68f31ff968f10ae77b5c26c718e1463c
Fri Jul 19 15:52:16 2019 : Debug: (0) Finished request
Fri Jul 19 15:52:16 2019 : Debug: Waking up in 4.9 seconds.
Fri Jul 19 15:52:16 2019 : Debug: (1) Received Access-Request Id 70
from 133.15.250.241:60211 to 133.15.18.14:1812 length 279
Fri Jul 19 15:52:16 2019 : Debug: (1) User-Name = "anonymous"
Fri Jul 19 15:52:16 2019 : Debug: (1) NAS-IP-Address = 10.254.0.241
Fri Jul 19 15:52:16 2019 : Debug: (1) NAS-Port = 12289
Fri Jul 19 15:52:16 2019 : Debug: (1) Called-Station-Id =
"08-35-71-F2-CE-05:authtest"
Fri Jul 19 15:52:16 2019 : Debug: (1) Calling-Station-Id = "50-3E-AA-6D-ED-7E"
Fri Jul 19 15:52:16 2019 : Debug: (1) Framed-MTU = 1250
Fri Jul 19 15:52:16 2019 : Debug: (1) NAS-Port-Type = Wireless-802.11
Fri Jul 19 15:52:16 2019 : Debug: (1) Framed-Compression = None
Fri Jul 19 15:52:16 2019 : Debug: (1) Connect-Info = "CONNECT 802.11g"
Fri Jul 19 15:52:16 2019 : Debug: (1) Chargeable-User-Identity = 0x00
Fri Jul 19 15:52:16 2019 : Debug: (1) EAP-Message =
0x0202007115800000006716030100620100005e03015d31689fbadf8aadd98de6c61bd2a31c53b8b1185935160dd336d01fa44c5e86000018c014c0130035002fc00ac00900380032000a0013000500040100001d000a0006000400170018000b000201000023000000170000ff01000100
Fri Jul 19 15:52:16 2019 : Debug: (1) State =
0x68f31ff968f10ae77b5c26c718e1463c
Fri Jul 19 15:52:16 2019 : Debug: (1) Message-Authenticator =
0x9047a006c6a06a8e05c854228e8a472e
Fri Jul 19 15:52:16 2019 : Debug: (1) session-state: No cached attributes
Fri Jul 19 15:52:16 2019 : Debug: (1) # Executing section authorize
from file /etc/raddb/sites-enabled/default
Fri Jul 19 15:52:16 2019 : Debug: (1) authorize {
Fri Jul 19 15:52:16 2019 : Debug: (1) policy rewrite_called_station_id {
Fri Jul 19 15:52:16 2019 : Debug: (1) if (&Called-Station-Id &&
(&Called-Station-Id =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})([^0-9a-f](.+))?$/i))
{
Fri Jul 19 15:52:16 2019 : Debug: No matches
Fri Jul 19 15:52:16 2019 : Debug: Adding 9 matches
Fri Jul 19 15:52:16 2019 : Debug: (1) if (&Called-Station-Id &&
(&Called-Station-Id =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})([^0-9a-f](.+))?$/i))
-> TRUE
Fri Jul 19 15:52:16 2019 : Debug: (1) if (&Called-Station-Id &&
(&Called-Station-Id =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})([^0-9a-f](.+))?$/i))
{
Fri Jul 19 15:52:16 2019 : Debug: (1) update request {
Fri Jul 19 15:52:16 2019 : Debug: (1) 1/9 Found: 08 (3)
Fri Jul 19 15:52:16 2019 : Debug: (1) 2/9 Found: 35 (3)
Fri Jul 19 15:52:16 2019 : Debug: (1) 3/9 Found: 71 (3)
Fri Jul 19 15:52:16 2019 : Debug: (1) 4/9 Found: F2 (3)
Fri Jul 19 15:52:16 2019 : Debug: (1) 5/9 Found: CE (3)
Fri Jul 19 15:52:16 2019 : Debug: (1) 6/9 Found: 05 (3)
Fri Jul 19 15:52:16 2019 : Debug: (1) EXPAND
%{toupper:%{1}-%{2}-%{3}-%{4}-%{5}-%{6}}
Fri Jul 19 15:52:16 2019 : Debug: (1) --> 08-35-71-F2-CE-05
Fri Jul 19 15:52:16 2019 : Debug: (1) &Called-Station-Id :=
08-35-71-F2-CE-05
Fri Jul 19 15:52:16 2019 : Debug: (1) Overwriting value
"08-35-71-F2-CE-05:authtest" with "08-35-71-F2-CE-05"
Fri Jul 19 15:52:16 2019 : Debug: (1) } # update request = noop
Fri Jul 19 15:52:16 2019 : Debug: (1) if ("%{8}") {
Fri Jul 19 15:52:16 2019 : Debug: (1) EXPAND TMPL XLAT STRUCT
Fri Jul 19 15:52:16 2019 : Debug: (1) 8/9 Found: authtest (9)
Fri Jul 19 15:52:16 2019 : Debug: (1) EXPAND %{8}
Fri Jul 19 15:52:16 2019 : Debug: (1) --> authtest
Fri Jul 19 15:52:16 2019 : Debug: (1) if ("%{8}") -> TRUE
Fri Jul 19 15:52:16 2019 : Debug: (1) if ("%{8}") {
Fri Jul 19 15:52:16 2019 : Debug: (1) update request {
Fri Jul 19 15:52:16 2019 : Debug: (1) 8/9 Found: authtest (9)
Fri Jul 19 15:52:16 2019 : Debug: (1) EXPAND %{8}
Fri Jul 19 15:52:16 2019 : Debug: (1) --> authtest
Fri Jul 19 15:52:16 2019 : Debug: (1) &Called-Station-SSID
:= authtest
Fri Jul 19 15:52:16 2019 : Debug: (1) } # update request = noop
Fri Jul 19 15:52:16 2019 : Debug: (1) } # if ("%{8}") = noop
Fri Jul 19 15:52:16 2019 : Debug: (1) modsingle[authorize]:
calling updated (rlm_always)
Fri Jul 19 15:52:16 2019 : Debug: (1) modsingle[authorize]:
returned from updated (rlm_always)
Fri Jul 19 15:52:16 2019 : Debug: (1) [updated] = updated
Fri Jul 19 15:52:16 2019 : Debug: (1) } # if (&Called-Station-Id
&& (&Called-Station-Id =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})([^0-9a-f](.+))?$/i))
= updated
Fri Jul 19 15:52:16 2019 : Debug: (1) ... skipping else:
Preceding "if" was taken
Fri Jul 19 15:52:16 2019 : Debug: (1) } # policy
rewrite_called_station_id = updated
......
Fri Jul 19 15:52:16 2019 : Debug: (5) session-state: No State attribute
Fri Jul 19 15:52:16 2019 : Debug: (5) # Executing section authorize
from file /etc/raddb/sites-enabled/inner-tunnel
Fri Jul 19 15:52:16 2019 : Debug: (5) authorize {
Fri Jul 19 15:52:16 2019 : Debug: (5) policy rewrite_called_station_id {
Fri Jul 19 15:52:16 2019 : Debug: (5) if (&Called-Station-Id
&& (&Called-Station-Id =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})([^0-9a-f](.+))?$/i))
{
Fri Jul 19 15:52:16 2019 : Debug: (5) if (&Called-Station-Id
&& (&Called-Station-Id =~
/^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})([^0-9a-f](.+))?$/i))
-> FALSE
Fri Jul 19 15:52:16 2019 : Debug: (5) else {
Fri Jul 19 15:52:16 2019 : Debug: (5) modsingle[authorize]:
calling noop (rlm_always)
Fri Jul 19 15:52:16 2019 : Debug: (5) modsingle[authorize]:
returned from noop (rlm_always)
Fri Jul 19 15:52:16 2019 : Debug: (5) [noop] = noop
Fri Jul 19 15:52:16 2019 : Debug: (5) } # else = noop
Fri Jul 19 15:52:16 2019 : Debug: (5) } # policy
rewrite_called_station_id = noop
Fri Jul 19 15:52:16 2019 : Debug: (5) modsingle[authorize]:
calling mschap (rlm_mschap)
Fri Jul 19 15:52:16 2019 : Debug: (5) modsingle[authorize]:
returned from mschap (rlm_mschap)
Fri Jul 19 15:52:16 2019 : Debug: (5) [mschap] = noop
Fri Jul 19 15:52:16 2019 : Debug: (5) modsingle[authorize]:
calling suffix (rlm_realm)
Fri Jul 19 15:52:16 2019 : Debug: (5) suffix: Checking for suffix after "@"
Fri Jul 19 15:52:16 2019 : Debug: (5) suffix: No '@' in User-Name =
"rt015", looking up realm NULL
Fri Jul 19 15:52:16 2019 : Debug: (5) suffix: Found realm "NULL"
Fri Jul 19 15:52:16 2019 : Debug: (5) suffix: Adding
Stripped-User-Name = "rt015"
Fri Jul 19 15:52:16 2019 : Debug: (5) suffix: Adding Realm = "NULL"
Fri Jul 19 15:52:16 2019 : Debug: (5) suffix: Authentication realm is LOCAL
Fri Jul 19 15:52:16 2019 : Debug: (5) modsingle[authorize]:
returned from suffix (rlm_realm)
Fri Jul 19 15:52:16 2019 : Debug: (5) [suffix] = ok
Fri Jul 19 15:52:16 2019 : Debug: (5) update control {
Fri Jul 19 15:52:16 2019 : Debug: (5) &Proxy-To-Realm := LOCAL
Fri Jul 19 15:52:16 2019 : Debug: (5) } # update control = noop
Fri Jul 19 15:52:16 2019 : Debug: (5) modsingle[authorize]:
calling eap (rlm_eap)
Fri Jul 19 15:52:16 2019 : Debug: (5) eap: No EAP-Message, not doing EAP
Fri Jul 19 15:52:16 2019 : Debug: (5) modsingle[authorize]:
returned from eap (rlm_eap)
Fri Jul 19 15:52:16 2019 : Debug: (5) [eap] = noop
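
The condition in the log is a conjunction, so a bare "-> FALSE" does not say whether Called-Station-Id was missing from the request or was present but failed the regex. The following is an added example, not part of the original post and not FreeRADIUS code: it reproduces the policy's regex and capture-group handling in Python so the two cases can be told apart. The dict used as a request list and the function name `evaluate_policy` are assumptions made for illustration.

```python
import re

# Regex copied from the rewrite_called_station_id condition in the debug log.
CALLED_STATION_RE = re.compile(
    r"^([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})"
    r"[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})[^0-9a-f]?([0-9a-f]{2})"
    r"([^0-9a-f](.+))?$",
    re.IGNORECASE,
)


def evaluate_policy(request):
    """Mimic `if (&Called-Station-Id && (&Called-Station-Id =~ /.../i))`.

    `request` is a dict of attribute name -> value (hypothetical stand-in
    for the RADIUS request list). Returns (rcode, reason, updated_request).
    """
    value = request.get("Called-Station-Id")
    if value is None:
        # First half of the && fails: the attribute is not in this request.
        return "noop", "Called-Station-Id absent", dict(request)
    m = CALLED_STATION_RE.match(value)
    if m is None:
        return "noop", "Called-Station-Id does not match regex", dict(request)
    out = dict(request)
    # Same as %{toupper:%{1}-%{2}-%{3}-%{4}-%{5}-%{6}} in the policy.
    out["Called-Station-Id"] = "-".join(m.group(i) for i in range(1, 7)).upper()
    if m.group(8):  # same as: if ("%{8}")
        out["Called-Station-SSID"] = m.group(8)
    return "updated", "matched", out


# Constructed inputs: the outer value is taken from the log above; the other
# two requests are made up to exercise each failure case.
OUTER = {"User-Name": "anonymous", "Called-Station-Id": "08-35-71-F2-CE-05:authtest"}
NO_ATTR = {"User-Name": "rt015"}
BAD_VALUE = {"User-Name": "rt015", "Called-Station-Id": "authtest"}

if __name__ == "__main__":
    for name, req in (("outer", OUTER), ("no attribute", NO_ATTR), ("bad value", BAD_VALUE)):
        rcode, reason, result = evaluate_policy(req)
        print(f"{name}: {rcode} ({reason}) SSID={result.get('Called-Station-SSID')}")
```

To see which case applies on a real server, compare against the attribute list that the debug output prints for the request at the point the policy runs.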