Add VSA in pre-proxy stage

Arnaud LAURIOU arnaud.lauriou at renater.fr
Fri Sep 11 16:06:52 CEST 2020


Hello,

I'm trying to add a VSA in an Access-Request before proxing it to an 
authentification RADIUS server.

I use this attribute definition :
BEGIN-VENDOR    FreeRADIUS      format=Extended-Vendor-Specific-1
ATTRIBUTE       FreeRADIUS-Eduroam-Prevent-Loop         1 integer
END-VENDOR      FreeRADIUS


I add this VSA in the pre-proxy stage, but I get :
(0)   # Executing section pre-proxy from file 
/etc/freeradius/sites-enabled/default
(0)     pre-proxy {
...
(0)       if (!FreeRADIUS-Eduroam-Prevent-Loop) {
(0)       if (!FreeRADIUS-Eduroam-Prevent-Loop)  -> TRUE
(0)       if (!FreeRADIUS-Eduroam-Prevent-Loop)  {
(0)         update request {
(0)           &FreeRADIUS-Eduroam-Prevent-Loop := 1
(0)         } # update request = noop
(0)       } # if (!FreeRADIUS-Eduroam-Prevent-Loop)  = noop
(0)       ... skipping else: Preceding "if" was taken

Why is the return state of this update to 'noop' ? I shoud not get a 
'ok' or 'updated' return state ?

And this VSA does not seem to be added to the forwarded Access-Request :
(0) Proxying request to home server 194.57.4.197 port 1812 timeout 14.000000
(0) Sent Access-Request Id 255 from 0.0.0.0:47596 to 194.57.4.197:1812 
length 162
(0)   User-Name = "anonymous at renater.fr"
(0)   NAS-IP-Address = 127.0.0.1
(0)   Calling-Station-Id := "02-00-00-00-00-01"
(0)   Framed-MTU = 1400
(0)   NAS-Port-Type = Wireless-802.11
(0)   Service-Type = Framed-User
(0)   Connect-Info = "eduroam.fr monitoring"
(0)   EAP-Message = 0x02c8001901616e6f6e796d6f75734072656e617465722e6672
(0)   Message-Authenticator = 0x0705ffe079dfb7dc4cd3bdaad44477d4
(0)   Event-Timestamp = "Sep 11 2020 15:14:17 CEST"
(0)   Proxy-State = 0x30


It seems that I missed something, but where ?

Regards,

Arnaud Lauriou




More information about the Freeradius-Users mailing list