Add VSA in pre-proxy stage
Arnaud LAURIOU
arnaud.lauriou at renater.fr
Fri Sep 11 16:06:52 CEST 2020
Hello,
I'm trying to add a VSA in an Access-Request before proxing it to an
authentification RADIUS server.
I use this attribute definition :
BEGIN-VENDOR FreeRADIUS format=Extended-Vendor-Specific-1
ATTRIBUTE FreeRADIUS-Eduroam-Prevent-Loop 1 integer
END-VENDOR FreeRADIUS
I add this VSA in the pre-proxy stage, but I get :
(0) # Executing section pre-proxy from file
/etc/freeradius/sites-enabled/default
(0) pre-proxy {
...
(0) if (!FreeRADIUS-Eduroam-Prevent-Loop) {
(0) if (!FreeRADIUS-Eduroam-Prevent-Loop) -> TRUE
(0) if (!FreeRADIUS-Eduroam-Prevent-Loop) {
(0) update request {
(0) &FreeRADIUS-Eduroam-Prevent-Loop := 1
(0) } # update request = noop
(0) } # if (!FreeRADIUS-Eduroam-Prevent-Loop) = noop
(0) ... skipping else: Preceding "if" was taken
Why is the return state of this update to 'noop' ? I shoud not get a
'ok' or 'updated' return state ?
And this VSA does not seem to be added to the forwarded Access-Request :
(0) Proxying request to home server 194.57.4.197 port 1812 timeout 14.000000
(0) Sent Access-Request Id 255 from 0.0.0.0:47596 to 194.57.4.197:1812
length 162
(0) User-Name = "anonymous at renater.fr"
(0) NAS-IP-Address = 127.0.0.1
(0) Calling-Station-Id := "02-00-00-00-00-01"
(0) Framed-MTU = 1400
(0) NAS-Port-Type = Wireless-802.11
(0) Service-Type = Framed-User
(0) Connect-Info = "eduroam.fr monitoring"
(0) EAP-Message = 0x02c8001901616e6f6e796d6f75734072656e617465722e6672
(0) Message-Authenticator = 0x0705ffe079dfb7dc4cd3bdaad44477d4
(0) Event-Timestamp = "Sep 11 2020 15:14:17 CEST"
(0) Proxy-State = 0x30
It seems that I missed something, but where ?
Regards,
Arnaud Lauriou
More information about the Freeradius-Users
mailing list