rlm_python: Access Request source IP Address is missing from authorize(p) function argument
Alan DeKok
aland at deployingradius.com
Sat May 30 15:21:20 CEST 2020
On May 29, 2020, at 11:28 PM, Gleb Lisikh <in4bit.general at gmail.com> wrote:
>
> I'd like to be able to work in my python authorize function with the IP
> address of the NAS interface from which Access-Request is received
> (external). From the radiusd -X output this is the A1.A2.A3.A4 address I am
> interested in.
> =========================================
> Received Access-Request Id 7 from A1.A2.A3.A4:54594 to B1.B2.B3.B4:1812
> length 415
> ==========================================
> This is the same IP address that gets tested against shared secret
> configured in clients.conf
>
> Unfortunately, the tuple (p) that gets passed to the authorize function
> (authorize(p)) by rlm_python has a different (internal) NAS-IP-Address,
> which is of no use to me.
The attributes which get passed to Python are the ones in the packet. Not the various IP / UDP headers.
> If radiusd is in principle aware of the A1.A2.A3.A4 IP address I am
> interested in, how can I gain access to it in my python authorize(p) or
> any other function?
You can get the source IP and convert it to a real attribute:
update request {
Packet-Src-IP-Address := "%{Packet-Src-IP-Address}"
}
It's a little weird, but this "realizes" the virtual src IP into a real attribute.
Alan DeKok.
More information about the Freeradius-Users
mailing list