Expansion of acct-unique-session-id query

Thu Jul 23 12:03:55 CEST 2020

Hi all,
  Me again ☺
I’m having an issue with the creation of the Acct-Unique-Session-Id control attribute in v4. In v3, the policy did something like the following :

(545)       else {
(545)         update request {
(545)           EXPAND %{md5:%{User-Name},%{Acct-Session-ID},%{NAS-IP-Address},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}}
(545)           --> 0a28ca134cc4f141e97cacdf91f7551f
(545)           Acct-Unique-Session-Id := "0a28ca134cc4f141e97cacdf91f7551f"

If I do something like :

echo -n "00c0b7869f20,001E00000002,,IT-2530-2,,5" | md5sum
I get the same md5 hash, good:

0a28ca134cc4f141e97cacdf91f7551f  -

In v4, (I’ve altered the attributes used in the calculation to match the v3 calculation, to try and demonstrate the issue). The output should in theory be the same?
I get:

(0)      else {
(0)        update request {
(0)          EXPAND %{User-Name}
(0)            --> 00c0b7869f20
(0)          EXPAND %{Acct-Session-ID}
(0)            --> 001E00000002
(0)          EXPAND %{NAS-IP-Address}
(0)            -->
(0)          EXPAND %{NAS-Identifier}
(0)            --> IT-2530-2
(0)          EXPAND %{NAS-Port-ID}
(0)            --> ,
(0)          EXPAND %{NAS-Port}
(0)            --> 5
(0)          EXPAND %{md5:%{User-Name},%{Acct-Session-ID},%{NAS-IP-Address},%{NAS-Identifier},%{NAS-Port-ID},%{NAS-Port}}
(0)                (%{md5:00c0b7869f20,001E00000002,,IT-2530-2,,5})
(0)            --> 0xa5850401f8c9f7ffdd43a04100ca8190
(0)          &Acct-Unique-Session-Id := "\245\205\004\001\370\311\367\377\335C\240A\000ʁ\220"

Everything expands ok, and it says it’s doing an md5 on the correct resulting “string”, but the output looks pretty odd. Should the md5 come out in hex format? I guess it’s maybe that part at fault, instead of the hex->string conversion?


This message may contain confidential information. If you are not the intended recipient please inform the
sender that you have received the message in error before deleting it.
Please do not disclose, copy or distribute information in this e-mail or take any action in relation to its contents. To do so is strictly prohibited and may be unlawful. Thank you for your co-operation.

NHSmail is the secure email and directory service available for all NHS staff in England and Scotland. NHSmail is approved for exchanging patient data and other sensitive information with NHSmail and other accredited email services.

For more information and to find out how you can switch, https://portal.nhs.net/help/joiningnhsmail

More information about the Freeradius-Users mailing list